5

I am creating a docker compose file which requires some environment variables. One of the env var is from aws ssm parameter. So I need to query the value from aws ssm when I build the docker image and put the value as one of the environment variable. How can I do that in docker compose file? 

version: "2.3"
services:
  base:
    build:
      context: .
      args:
        - PYTHON_ENV=developmen
        - API_KEY= # find the value from ssm
Improve this question
1
  • Is your Dockerfile defined with API_KEY, You can set the varibale only when your Docker container contains the variable. Then FOllow my answer to define in docker-compose and .env file stackoverflow.com/questions/57861914/… Commented Sep 11, 2019 at 4:23

2 Answers 2

Reset to default
9

There is no easy way to process ARGs in docker-compose file from a subshell. But you can do this with docker build command and docker-compose with key-value.

using the docker-compose command:

MY_KEY=$(aws  ssm get-parameter --name "test" --output text --query Parameter.Value) docker-compose build --no-cache

docker-compose

version: "2.3"
services:
  base:
    build:
      context: .
      args:
        - PYTHON_ENV=developmen
        - API_KEY=${MY_KEY}

Define ARGs in Dockerfile and run subshell during build time to get the SSM parameter value.

FROM alpine
ARG API_KEY=default
ENV API_KEY="$API_KEY"
RUN echo  "API_KEY is : $API_KEY"

During build get the value using aws-cli

docker build --no-cache --build-arg API_KEY="$(aws  ssm get-parameter --name "test" --output text --query Parameter.Value)" -t myimage .

With docker-compose you can also try with system environment variable.

version: "2.3"
services:
  base:
    build:
      context: .
      args:
        - PYTHON_ENV=developmen
        - API_KEY=${MY_KEY}

Export it as an ENV before docker-compose.

 export MY_KEY=$(aws  ssm get-parameter --name "test" --output text --query Parameter.Value) && docker-compose build --no-cache
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

This solutions is best than use awscli inside docker build to get the ssm parameter? Very nice explanation! Thanks!
Actually no, this is storing sensitive information in the dockerfile
2

There's no way to run script/code inside a docker-compose file. So, you have to run the dynamic api key generation script outside the docker-compose file.

Anyway, you can declare a variable like API_KEY_FROM_SSM in docker-compose file

version: "2.3"
services:
  base:
    build:
      context: .
      args:
        - PYTHON_ENV=development
        - API_KEY=${API_KEY_FROM_SSM}

and query the value from aws ssm and assign it to API_KEY_FROM_SSM when you build the image.

API_KEY_FROM_SSM=$(your aws ssm script) docker-compose build

Hope, it helps.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.