Docker Compose

Prerequisites:

Set up and add envars to Infisical Cloud

Configure the Infisical CLI for each service

Follow this guide to configure the Infisical CLI for each service that you wish to inject environment variables into; you’ll have to update the Dockerfile of each service.

Generate and configure machine identity

Generate a machine identity for each service you want to inject secrets into. You can do this by following the steps in the Machine Identity guide.

Set the machine identity client ID and client secret as environment variables

For each service you want to inject secrets into, generate the required INFISICAL_TOKEN_SERVICE_A and INFISICAL_TOKEN_SERVICE_B.

# Example Docker Compose file
services:
  web:
    build: .
    image: example-service-1
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_A}

  api:
    build: .
    image: example-service-2
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_B}

Export shell variables

Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding INFISICAL_TOKEN_SERVICE_A and INFISICAL_TOKEN_SERVICE_B in your Docker Compose file.

#Example

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_SERVICE_A=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)
export INFISICAL_TOKEN_SERVICE_B=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)

# Then run your compose file in the same terminal.
docker-compose ...

Generate and configure machine identity

Generate a machine identity for each service you want to inject secrets into. You can do this by following the steps in the Machine Identity guide.

Set the machine identity client ID and client secret as environment variables

For each service you want to inject secrets into, generate the required INFISICAL_TOKEN_SERVICE_A and INFISICAL_TOKEN_SERVICE_B.

# Example Docker Compose file
services:
  web:
    build: .
    image: example-service-1
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_A}

  api:
    build: .
    image: example-service-2
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_B}

Export shell variables

#Example

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_SERVICE_A=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)
export INFISICAL_TOKEN_SERVICE_B=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)

# Then run your compose file in the same terminal.
docker-compose ...

Generate service token

Generate a unique Service Token for each service.

Feed service token to your Docker Compose file

For each service you want to inject secrets into, set an environment variable called INFISICAL_TOKEN equal to a unique identifier variable.

In the example below, we set INFISICAL_TOKEN_FOR_WEB and INFISICAL_TOKEN_FOR_API as the INFISICAL_TOKEN for the services.

# Example Docker Compose file
services:
  web:
    build: .
    image: example-service-1
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}

  api:
    build: .
    image: example-service-2
    environment:
      - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}

Export shell variables

#Example

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_WEB=<token>

# Token refers to the token we generated in step 2 for this service
export INFISICAL_TOKEN_FOR_API=<token>

# Then run your compose file in the same terminal.
docker-compose ...

Infrastructure Integrations

App Connections

Secret Syncs

Native Integrations

CI/CD Integrations

Framework Integrations

Build Tool Integrations

Others

Configure the Infisical CLI for each service

Generate and configure machine identity

Set the machine identity client ID and client secret as environment variables

Export shell variables

Generate and configure machine identity

Set the machine identity client ID and client secret as environment variables

Export shell variables

Generate service token

Feed service token to your Docker Compose file

Export shell variables

Infrastructure Integrations

App Connections

Secret Syncs

Native Integrations

CI/CD Integrations

Framework Integrations

Build Tool Integrations

Others

​Configure the Infisical CLI for each service

​Generate and configure machine identity

​Set the machine identity client ID and client secret as environment variables

​Export shell variables

​Generate and configure machine identity

​Set the machine identity client ID and client secret as environment variables

​Export shell variables

​Generate service token

​Feed service token to your Docker Compose file

​Export shell variables

Configure the Infisical CLI for each service

Generate and configure machine identity

Set the machine identity client ID and client secret as environment variables

Export shell variables

Generate and configure machine identity

Set the machine identity client ID and client secret as environment variables

Export shell variables

Generate service token

Feed service token to your Docker Compose file

Export shell variables