8 
version: '3'

services:
  db:
    image: "mysql:5.7"
    volumes:
      - data-mysql:/var/lib/mysql

    ports:
      - '3306:3306'

    environment:
      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}

volumes:
  data-mysql:
    driver: local

Thank you Manny

Improve this question
1

1 Answer 1

Reset to default
16

There is no need for an env file. If you use only the variable name in the docker compose environment definition, its value will automatically be transferred from your host to the container:

services:
  db:
    image: "mysql:5.7"
    ports: ['3306:3306']
    environment:
      MYSQL_ROOT_PASSWORD:

From the documentation:

Environment variables with only a key are resolved to their values on the machine Compose is running on, which can be helpful for secret or host-specific values.

If for some reason, you want or need to use an env file, you also can:

services:
  db:
    image: "mysql:5.7"
    ports: ['3306:3306']
    env_file:
    - production.env

and in your production.env file (or whatever you name it), just put lines of key=value:

MYSQL_ROOT_PASSWORD=7op-s3cr37

See also The “env_file” configuration option.

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thank you, lastly, how to use .dockerignore in order to hide my password in case someone will run: docker container inspect ?
In the same way that you cannot completely hide secrets on a host, if someone has access to the host, you usually cannot hide all secrets in a container, from people who have access to the container. The container is assumed to run in a protected, privileged environment. (and .dockerignore is only for files, and of course you should .gitignore and .dockerignore the env file if you are using it)
If someone can run docker container inspect, they can also docker run a container with unrestricted root-level access to the host filesystem. I'd make sure sudo access is required to run any docker command and limit who has access to that.
Okay. and if my container has compromised, How's my dockerignore should looks like, in order to prevent showing the password in my container?
Did not know that you can leave the env variables just empty to pass. Not that important though, since normally, your local env variables should differ or should be not reliable enough over time.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.