Skip to main content
The Infisical CLI can be added to Dockerfiles to fetch secrets from Infisical and make them available as environment variables within containers at runtime. Prerequisites:

Dockerfile Modification

Follow the instructions for your specific Linux distribution to add the Infisical CLI to your Dockerfile.
RUN apk add --no-cache bash sudo wget && wget -qO- \
'https://artifacts-cli.infisical.com/setup.apk.sh' | sh \
&& apk add infisical
Next, modify the start command of your Dockerfile:
CMD ["infisical", "run", "--", "[your service start command]"]

Launch

Spin up your container with the docker run command and feed in your Infisical Token.
docker run --env INFISICAL_TOKEN=<your_infisical_token> <DOCKER-IMAGE>
Your containerized application should now be up and running with secrets from Infisical exposed as environment variables within your application’s process.

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash sudo wget && wget -qO- \
    'https://artifacts-cli.infisical.com/setup.apk.sh' | sh \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory
WORKDIR /app

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "npm run start"]
See also: