Passwords in Dockerfile
You can make use of ENV
or ARG
inside the Dockerfile:
For ex you can use ARG as shown below in the Dockerfile:
FROM busybox ARG userUSER $user
when you use ARG
you have to pass the value when you build the docker image as :
docker build --build-arg user=what_user
You can also use ENV as shown below in the Dockerfile:
FROM ubuntuENV CONT_IMG_VER helloRUN echo $CONT_IMG_VER
You can refer to this for more info.
In general, I would not put any password directly at the Dockerfile, for two reasons:
- Get your Dockerfile obsolete, forcing you to build a new image every time your password changes.
- Passwords or any other sensitive information should be handled in a safer way (it will depend on your use case).
In this particular case (which seems a non production case). Using ENV and ARG together would be the best approach:
ARG MSQL_SERVER_VERSION=2017-latestFROM microsoft/mssql-server-linux:$MSQL_SERVER_VERSION as sqlbaseWORKDIR /usr/src/appCOPY ./sql-scripts /usr/src/appARG MSSQL_SA_PASSWORD=P@55w0rdENV MSSQL_SA_PASSWORD $MSSQL_SA_PASSWORDENV ACCEPT_EULA=YRUN /opt/mssql/bin/sqlservr --accept-eula & sleep 10 \ && /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P $MSSQL_SA_PASSWORD -i ./init.sql \ && pkill sqlservr
Having MSSQL_SA_PASSWORD
as an ARG
and assigning its value to the MSSQL_SA_PASSWORD
environment variable makes your Dockerfile more flexible. This also let you use it at the RUN
command to avoid redundancy.
You can learn more about how ENV
, ARG
(and its scope) work in Dockerfile reference.