Docker

The Infisical CLI can be added to Dockerfiles to fetch secrets from Infisical and make them available as environment variables within containers at runtime.

Prerequisites:

Have a project with secrets ready in Infisical Cloud.
Create an Infisical Token scoped to an environment in your project in Infisical.

Docker
Docker Compose

Dockerfile Modification

Follow the instruction for your specific Linux distrubtion to add the Infisical CLI to your Dockerfile.

Alpine
RedHat/CentOs/Amazon-linux
Debian/Ubuntu

RUN apk add --no-cache bash curl && curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
&& apk add infisical

Next, modify the start command of your Dockerfile:

CMD ["infisical", "run", "--", "[your service start command]"]

Launch

Spin up your container with the docker run command and feed in your Infisical Token.

docker run --env INFISICAL_TOKEN=<your_infisical_token> <DOCKER-IMAGE>

Your containerized application should now be up and running with secrets from Infisical exposed as environment variables within your application’s process.

Example Dockerfile

# Select your base image (based on your Linux distribution, e.g., Alpine, Debian, Ubuntu, etc.)
FROM alpine

# Add the Infisical CLI to your Dockerfile (choose the appropriate block based on your base image)
RUN apk add --no-cache bash curl && curl -1sLf \
    'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.alpine.sh' | bash \
    && apk add infisical

# Install any additional dependencies or packages your service requires
# RUN <additional commands for your service>

# Copy your service files to the container
COPY . /app

# Set the working directory
WORKDIR /app

# Modify the start command of your Dockerfile
CMD ["infisical", "run", "--", "npm run start"]

Overview

Platform

Self-host Infisical

Command line

Integrations

Docker

Docker Compose

Dockerfile Modification

Alpine

RedHat/CentOs/Amazon-linux

Debian/Ubuntu

Launch

Example Dockerfile