Getting Started

The Infisical CLI can be added to Dockerfiles to fetch secrets from Infisical and make them available as environment variables within containers at runtime.


  • Docker

  • Docker Compose

Dockerfile Modification

Follow the instruction for your specific Linux distrubtion to add the Infisical CLI to your Dockerfile.

  • Alpine

  • RedHat/CentOs/Amazon-linux

  • Debian/Ubuntu

RUN apk add --no-cache bash curl && curl -1sLf \
'' | bash \
&& apk add infisical

Next, modify the start command of your Dockerfile:

CMD ["infisical", "run", "--", "[your service start command]"]


Spin up your container with the docker run command and feed in your Infisical Token.

docker run --env INFISICAL_TOKEN=<your_infisical_token> <DOCKER-IMAGE>

Your containerized application should now be up and running with secrets from Infisical exposed as environment variables within your application’s process.

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash curl && curl -1sLf \
    '' | bash \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "npm run start"]

See also: