One important note about environment variables and security: Depending on which kind of data you’re storing in your environment variables, you might not want to include the secure data directly in your Dockerfile.
Instead, go for a separate environment variables file which is then only used at runtime (i.e. when you run your container with docker run).
Otherwise, the values are “baked into the image” and everyone can read these values via docker history <image>.
For some values, this might not matter but for credentials, private keys etc. you definitely want to avoid that!
If you use a separate file, the values are not part of the image since you point at that file when you run docker run. But make sure you don’t commit that separate file as part of your source control repository, if you’re using source control.
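One way to check for both problems described above before building, as an added example that is not part of the original text: the shell functions below list ENV keys in a Dockerfile whose names look like credentials, and check that the runtime env file is named in .gitignore. The key-name patterns, the .env file name and the sample Dockerfile are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. The key-name patterns and the
# file names used in demo() are assumptions chosen for illustration.

# Print each ENV key in Dockerfile $1 whose name looks like a credential.
# Returns 1 if any is found, since such a value would be baked into the image.
find_baked_secrets() {
    awk '
        function check(key) {
            if (toupper(key) ~ /PASSWORD|PASSWD|SECRET|TOKEN|API_?KEY|PRIVATE_?KEY|CREDENTIAL/) {
                print FILENAME ":" FNR ": " key
                found = 1
            }
        }
        BEGIN { found = 0 }
        toupper($1) == "ENV" {
            # Legacy form "ENV KEY value": only the first token is a key.
            if (index($2, "=") == 0) { check($2); next }
            # "ENV K1=v1 K2=v2" form: every token with "=" starts a key.
            for (i = 2; i <= NF; i++) {
                eq = index($i, "=")
                if (eq > 1) check(substr($i, 1, eq - 1))
            }
        }
        END { exit found }
    ' "$1"
}

# Succeeds if env file name $2 is listed verbatim in .gitignore file $1.
# (Exact-line match only; glob patterns in .gitignore are not evaluated.)
env_file_ignored() {
    [ -f "$1" ] && grep -qxF -e "$2" -e "/$2" "$1"
}

# Constructed sample input: one harmless ENV line, three credential-like keys.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'FROM node' 'ENV PORT=8080' \
        'ENV DB_PASSWORD=changeme API_KEY=constructed-value' \
        'ENV MONGODB_TOKEN constructed-value' > "$dir/Dockerfile"
    printf '%s\n' 'node_modules' '.env' > "$dir/.gitignore"
    find_baked_secrets "$dir/Dockerfile" || echo "move these keys to an env file"
    env_file_ignored "$dir/.gitignore" .env && echo ".env is git-ignored"
    rm -rf "$dir"
}
demo
```

Keys flagged here belong in the separate file, which is handed to the container at runtime with docker run --env-file .env <image>.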