Environment variables in Flightcontrol
Flightcontrol handles all secrets as environment variables. By default, all secrets and environment variables are injected into the application at both build time and runtime. However, if you want more control over the secrets injected into your custom Dockerfile, you can achieve that by setting the configuration parameter injectEnvVariablesInDockerfile to false.
Once this parameter is set to false, you have full control over which environment variables are used in the build. All environment variables are made available as Docker build secrets. This means none of the environment variables will be available in the resulting image, and it lets you run specific steps with specific secrets, for example a database migration using the database connection string, without leaking this sensitive information into the resulting image.
Accessing an environment variable as a Docker build secret
To access an environment variable as a Docker secret, adjust your Dockerfile as in the following example, which assumes a Node application with Prisma that requires DATABASE_URL as its connection string.
RUN --mount=type=secret,id=DATABASE_URL \
DATABASE_URL=$(cat /run/secrets/DATABASE_URL) \
pnpm prisma db migrate
By default, Flightcontrol makes each environment variable available as a secret whose id is the environment variable name, with the value available under /run/secrets/<environment variable name>.
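A pre-build check for the pattern above, as an added example that is not Flightcontrol's own code: it lints a Dockerfile for secret names that are also declared as ARG or ENV, for /run/secrets/<name> reads in a RUN step with no matching mount, and for secret files redirected into the layer. The rule names and the sample Dockerfile are constructed, and it assumes mounts are written as --mount=type=secret,id=<name> as shown on this page.

```python
import re

# Constructed sample Dockerfile (not from the Flightcontrol docs) with three mistakes.
SAMPLE = """\
FROM node:20
ARG DATABASE_URL
RUN --mount=type=secret,id=DATABASE_URL \\
    DATABASE_URL=$(cat /run/secrets/DATABASE_URL) \\
    pnpm prisma db migrate
RUN test -s /run/secrets/API_KEY
RUN --mount=type=secret,id=API_KEY \\
    cat /run/secrets/API_KEY > .env
"""

NAME = r"[A-Za-z_][A-Za-z0-9_]*"
MOUNT_ID = re.compile(r"--mount=type=secret,id=(" + NAME + ")")
SECRET_PATH = re.compile(r"/run/secrets/(" + NAME + ")")
# Heuristic: secret file redirected into another file inside the layer.
PERSIST = re.compile(r"/run/secrets/(" + NAME + r")\s*>>?")

def instructions(text):
    """Join backslash-continued lines and drop blanks and comments."""
    joined = re.sub(r"\\[ \t]*\n", " ", text)
    lines = (line.strip() for line in joined.splitlines())
    return [l for l in lines if l and not l.startswith("#")]

def lint(text):
    """Return sorted (rule, secret_name) findings for a Dockerfile."""
    instrs = instructions(text)
    secret_ids = {i for ins in instrs for i in MOUNT_ID.findall(ins)}
    findings = set()
    for ins in instrs:
        keyword, _, rest = ins.partition(" ")
        if keyword.upper() in ("ARG", "ENV"):
            m = re.match(NAME, rest.strip())
            # ARG/ENV values end up in image metadata, unlike secret mounts.
            if m and m.group(0) in secret_ids:
                findings.add(("declared-as-arg-or-env", m.group(0)))
        elif keyword.upper() == "RUN":
            mounted = set(MOUNT_ID.findall(ins))
            for name in SECRET_PATH.findall(ins):
                if name not in mounted:  # file will not exist in this step
                    findings.add(("read-without-mount", name))
            for name in PERSIST.findall(ins):
                findings.add(("written-to-layer", name))
    return sorted(findings)

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

The redirect rule is a heuristic and will also flag harmless redirects such as > /dev/null.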