The Infisical CLI can be added to Dockerfiles to fetch secrets from Infisical and make them available as environment variables within containers at runtime.

Prerequisites:

Dockerfile Modification

Follow the instructions for your specific Linux distribution to add the Infisical CLI to your Dockerfile.

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

Next, modify the start command of your Dockerfile:

CMD ["infisical", "run", "--", "[your service start command]"]

Launch

Spin up your container with the docker run command and feed in your Infisical Token.

docker run --env INFISICAL_TOKEN=<your_infisical_token> <DOCKER-IMAGE>

Your containerized application should now be up and running with secrets from Infisical exposed as environment variables within your application’s process.

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash curl && curl -1sLf \
    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory
WORKDIR /app

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "npm run start"]

See also:

Was this page helpful?