Docker

The Infisical CLI can be added to Dockerfiles to fetch secrets from Infisical and make them available as environment variables within containers at runtime.

Prerequisites:

Have a project with secrets ready in Infisical Cloud.
Create an Infisical Token scoped to an environment in your project in Infisical.

Dockerfile Modification

Follow the instructions for your specific Linux distribution to add the Infisical CLI to your Dockerfile.

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

RUN curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sh \ 
&& yum install -y infisical

RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
&& apt-get update && apt-get install -y infisical

Next, modify the start command of your Dockerfile:

CMD ["infisical", "run", "--", "[your service start command]"]

Launch

Spin up your container with the docker run command and feed in your Infisical Token.

docker run --env INFISICAL_TOKEN=<your_infisical_token> <DOCKER-IMAGE>

Your containerized application should now be up and running with secrets from Infisical exposed as environment variables within your application’s process.

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash curl && curl -1sLf \
    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory
WORKDIR /app

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "npm run start"]

Dockerfile Modification

Follow the instructions for your specific Linux distribution to add the Infisical CLI to your Dockerfile.

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

RUN curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sh \ 
&& yum install -y infisical

RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
&& apt-get update && apt-get install -y infisical

Next, modify the start command of your Dockerfile:

CMD ["infisical", "run", "--", "[your service start command]"]

Launch

Spin up your container with the docker run command and feed in your Infisical Token.

docker run --env INFISICAL_TOKEN=<your_infisical_token> <DOCKER-IMAGE>

Your containerized application should now be up and running with secrets from Infisical exposed as environment variables within your application’s process.

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash curl && curl -1sLf \
    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory
WORKDIR /app

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "npm run start"]

Dockerfile Modifications

Follow the instructions for your specific Linux distributions to add the Infisical CLI to your Dockerfiles.

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

RUN curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.rpm.sh' | sh \ 
&& yum install -y infisical

RUN apt-get update && apt-get install -y bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' | bash \
&& apt-get update && apt-get install -y infisical

Next, modify the start commands of your Dockerfiles:

CMD ["infisical", "run", "--", "[your service start command]"]

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash curl && curl -1sLf \
    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory
WORKDIR /app

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "[your service start command]"]

Docker Compose File Modification

For each service you want to inject secrets into, set an environment variable called INFISICAL_TOKEN equal to a unique identifier variable. For example:

services:
    api:
        build: .
        image: example-service-2
        environment:
        - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}
...

Export shell variables

Next, set the shell variables you defined in your compose file. Continuing from the previous example:

export INFISICAL_TOKEN_FOR_API=<your_infisical_token>

Launch

Spin up your containers with the docker-compose up command.

docker-compose up

Your containers should now be running with the secrets from Infisical available inside as environment variables.

Getting Started

Platform

Authentication Methods

Self-host Infisical

Internals

Contributing

Dockerfile Modification

Launch

Example Dockerfile

Dockerfile Modification

Launch

Example Dockerfile

Dockerfile Modifications

Example Dockerfile

Docker Compose File Modification

Export shell variables

Launch

Getting Started

Platform

Authentication Methods

Self-host Infisical

Internals

Contributing

​Dockerfile Modification

​Launch

​Example Dockerfile

​Dockerfile Modification

​Launch

​Example Dockerfile

​Dockerfile Modifications

​Example Dockerfile

​Docker Compose File Modification

​Export shell variables

​Launch

Dockerfile Modification

Launch

Example Dockerfile

Dockerfile Modification

Launch

Example Dockerfile

Dockerfile Modifications

Example Dockerfile

Docker Compose File Modification

Export shell variables

Launch