Passwords in Dockerfile
You can make use of ENV or ARG inside the Dockerfile:
For ex you can use ARG as shown below in the Dockerfile:
FROM busybox ARG userUSER $userwhen you use ARG you have to pass the value when you build the docker image as :
docker build --build-arg user=what_user You can also use ENV as shown below in the Dockerfile:
FROM ubuntuENV CONT_IMG_VER helloRUN echo $CONT_IMG_VERYou can refer to this for more info.
In general, I would not put any password directly at the Dockerfile, for two reasons:
- Get your Dockerfile obsolete, forcing you to build a new image every time your password changes.
- Passwords or any other sensitive information should be handled in a safer way (it will depend on your use case).
In this particular case (which seems a non production case). Using ENV and ARG together would be the best approach:
ARG MSQL_SERVER_VERSION=2017-latestFROM microsoft/mssql-server-linux:$MSQL_SERVER_VERSION as sqlbaseWORKDIR /usr/src/appCOPY ./sql-scripts /usr/src/appARG MSSQL_SA_PASSWORD=P@55w0rdENV MSSQL_SA_PASSWORD $MSSQL_SA_PASSWORDENV ACCEPT_EULA=YRUN /opt/mssql/bin/sqlservr --accept-eula & sleep 10 \ && /opt/mssql-tools/bin/sqlcmd -S localhost -U SA -P $MSSQL_SA_PASSWORD -i ./init.sql \ && pkill sqlservrHaving MSSQL_SA_PASSWORD as an ARG and assigning its value to the MSSQL_SA_PASSWORD environment variable makes your Dockerfile more flexible. This also let you use it at the RUN command to avoid redundancy.
You can learn more about how ENV, ARG (and its scope) work in Dockerfile reference.