1

Possible duplicate of Do Docker Hub image repositories contain the environment variables from .env file?. Opening anyways as it doesn't look like there has been a definitive answer.

So I've written a docker setup made of different processes with docker-composer. The docker-compose.yml file injects environment variables from an uncommitted .env file. Since the build takes a while, my colleagues asked me to upload prebuilt containers + volumes for the project. I'm wondering wether the .env variables from my machine will be saved into the backups or, as I would expect, they wont and they will need to set their own environment variables (eg. secret api keys and such).

Unfortunately I couldn't find a concise explanation and manually inspecting the backups doesn't seem like a foolproof method to verify no sensitive data is committed.

Bosone
  • 21
  • 3
  • I'll recommend separating your build process and your run process into separate processes rather than having them in the same docker-compose process. That makes it a lot cleaner and a lot easier to reason about. – Hans Kilian Aug 25 '21 at 08:41
  • I believe that's already the case as images are built from a Dockerfile, with docker-compose referencing each of its layers and building them only if not already available. – Bosone Aug 25 '21 at 08:47
  • could you add your .env file and docker-compose.yaml file with the secrets and keys redacted? – Noam Yizraeli Aug 25 '21 at 10:46

0 Answers0