Infisical home pagelight logo
  1. Docker
  2. Docker Compose

Prerequisites:

Configure the Infisical CLI for each service

Follow this guide to configure the Infisical CLI for each service that you wish to inject environment variables into; you’ll have to update the Dockerfile of each service.

Generate Infisical Tokens

Generate a unique Infisical Token for each service.

Add Infisical Tokens to your Docker Compose file

For each service you want to inject secrets into, set an environment variable called INFISICAL_TOKEN equal to a unique identifier variable.

In the example below, we set INFISICAL_TOKEN_FOR_WEB and INFISICAL_TOKEN_FOR_API as the INFISICAL_TOKEN for the services.

# Example Docker Compose file
services:
  web:
    build: .
    image: example-service-1
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}

  api:
    build: .
    image: example-service-2
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}

Export shell variables

Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding INFISICAL_TOKEN in your Docker Compose file.

#Example

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_WEB=<token>

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_API=<token>

# Then run your compose file in the same terminal.
docker-compose ...