SecureDockerEnv is a Python-based project for securely managing environment variables in Docker. It ensures that sensitive credentials are never embedded in Docker images while providing a safe and efficient way to inject .env files at runtime. This project follows Docker security best practices to protect secrets, prevent accidental leaks, and enhance security in containerized applications.
- Secure management of `.env` files in Docker.
- Prevents sensitive credentials from being embedded in images.
- Supports Docker and Docker Compose for flexible deployment.
- Implements best security practices for handling environment variables.
To install and run SecureDockerEnv on your local machine:
- Clone the repository:

  ```bash
  git clone https://github.com/shafiqul-islam-sumon/SecureDockerEnv.git
  cd SecureDockerEnv
  ```

- Install dependencies:

  ```bash
  pip install -r requirements.txt
  ```

- Run the project using Docker:

  ```bash
  docker build -t secure-docker-env .
  docker run --env-file .env secure-docker-env
  ```
Embedding `.env` files in Docker images carries several risks:

- Accidental Exposure in Shared Images: `.env` files included in images can be accessed by anyone pulling the image.
- Persistent Secrets in Image Layers: Once embedded, secrets remain in previous layers even if deleted.
- Static Secrets: Hardcoded secrets require image rebuilding for updates.
- Environment-Specific Configurations: Embedding `.env` files makes it difficult to manage multiple environments.
This project implements two secure approaches:
This method allows explicit control by dynamically passing the `.env` file to `docker run --env-file` at runtime.

Create a `.env` file holding the secrets the application needs (placeholder values shown):

```env
SLACK_BOT_TOKEN=your-slack-bot-token
SLACK_SIGNING_SECRET=your-signing-secret
```

Dockerfile:

```dockerfile
FROM python:3.10-slim
# Set working directory
WORKDIR /app
# Copy the current directory contents into the container
COPY . /app
# Install dependencies
RUN apt-get update && apt-get install -y curl procps && \
    pip install -r requirements.txt
CMD ["python", "-u", "main.py"]
```

Because `COPY . /app` copies the whole build context, list the file in `.dockerignore` so it is never written into an image layer:

```
.env
```

Build the image and pass the file at runtime:

```bash
docker build -t my-app .
docker run --env-file .env my-app
```

This method simplifies environment management, especially for multi-container applications.
```yaml
services:
  app:
    build:
      context: .
      dockerfile: Dockerfile
    env_file:
      - .env
```

```bash
# Build docker image
docker-compose build
# Run container
docker-compose up
```

| Feature | Docker (`--env-file`) | Docker Compose (`env_file`) |
|---|---|---|
| Ease of Use | Requires manual `--env-file` | Loads `.env` automatically |
| Multiple Services | Best for single-container apps | Ideal for multi-container apps |
| Explicit Control | Must pass `.env` each time | Implicitly loads from `docker-compose.yml` |
| Runtime Flexibility | Allows dynamic `.env` selection | Requires modifying `docker-compose.yml` |
- Never include `.env` files in Docker images: always use `.dockerignore`.
- Use `--env-file` for dynamic secret management: useful for single-container deployments.
- Use Docker Compose for multi-service environments: simplifies deployment.
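To make the first two practices checkable before an image is built, here is an added example (not part of the SecureDockerEnv project) that parses a Dockerfile and a `.dockerignore` and reports when a `COPY`/`ADD` would sweep `.env` into an image layer or an `ENV` instruction hardcodes a secret-looking value. The sample Dockerfile text, the `SECRET_NAME` heuristic and the function names are constructed for this example.

```python
import fnmatch
import re

# Constructed sample inputs (not the project's files) mirroring the README's Dockerfile.
DOCKERFILE = """\
FROM python:3.10-slim
WORKDIR /app
COPY . /app
RUN apt-get update && apt-get install -y curl procps && \\
    pip install -r requirements.txt
CMD ["python", "-u", "main.py"]
"""
DOCKERIGNORE = ".env\n"
SECRET_NAME = re.compile(r"TOKEN|SECRET|PASSWORD|API_KEY", re.I)  # heuristic, constructed

def parse_instructions(dockerfile):
    """Yield (INSTRUCTION, arguments) pairs, joining backslash-continued lines."""
    joined = re.sub(r"\s*\\\n\s*", " ", dockerfile)
    for line in joined.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            parts = line.split(None, 1)
            yield parts[0].upper(), parts[1] if len(parts) > 1 else ""

def is_ignored(path, dockerignore):
    """Approximate .dockerignore matching: last matching pattern wins, '!' re-includes."""
    ignored = False
    for pat in dockerignore.splitlines():
        pat = pat.strip()
        if not pat or pat.startswith("#"):
            continue
        negate, pat = pat.startswith("!"), pat.lstrip("!")
        if fnmatch.fnmatch(path, pat) or fnmatch.fnmatch(path, pat.replace("**/", "")):
            ignored = not negate
    return ignored

def env_file_findings(dockerfile, dockerignore, env_file=".env"):
    """List the ways env_file or secret-looking values could get baked into image layers."""
    findings = []
    for ins, args in parse_instructions(dockerfile):
        if ins in ("COPY", "ADD"):
            # Drop flags such as --chown; the last argument is the destination.
            srcs = [a for a in args.split() if not a.startswith("--")][:-1]
            for src in srcs:
                norm = src[2:] if src.startswith("./") else src
                if norm in ("", ".", env_file) and not is_ignored(env_file, dockerignore):
                    findings.append(f"{ins} {src}: copies {env_file} into an image layer; add it to .dockerignore")
        elif ins == "ENV" and SECRET_NAME.search(args):
            findings.append(f"ENV {args.split('=')[0]}: secret-looking value hardcoded in an image layer")
    return findings
```

Run `env_file_findings(open("Dockerfile").read(), open(".dockerignore").read())` in CI and fail the build when the list is non-empty.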
By following these methods, SecureDockerEnv ensures .env files remain external to Docker images, enhancing security and flexibility. Choose --env-file for explicit control or Docker Compose for easier multi-container management.
Contributions are welcome! To contribute:
- Fork the repository.
- Create a new branch (`feature-branch`).
- Commit your changes.
- Push to GitHub and create a Pull Request.
Feel free to submit issues and feature requests!
This project is licensed under the MIT License. See LICENSE for details.
For more details, check out:
- Protect Sensitive Information in Docker (Full Blog Post)
- Docker Environment Variables Documentation