docs
INTEGRATE

Docker

You can use Phase run to inject secrets to your application process during runtime. There is no need for you to change any code or add a dependency.

Prerequisites

  • Have signed up for the Phase Console created an application
  • PHASE_SERVICE_TOKEN

If you are using a Self-Hosted instance of the Phase Console, you may supply PHASE_HOST environment variable with your URL (https://<HOST>).

Docker Run

  1. Set PHASE_SERVICE_TOKEN as a environment variable
export PHASE_SERVICE_TOKEN=<>
  1. Run the container

If you have a .phase.json in your working directory:

docker run --rm --env-file <(phase secrets export) alpine:latest printenv

If not you can manually pass your application name and environment:

docker run --rm --env-file <(phase secrets export --app my-application-name --env production) alpine:latest printenv

Docker by default does not support multi-line secrets when using the --env-file flag.

This technique uses a feature that's available in Bash and some other shells, but might not be available in all environments. If you face any issues, ensure your shell supports process substitution (<() syntax).

Docker Run - Docs

Docker CMD

  1. Installing the Phase CLI in Your Docker Container

To maintain deterministic Docker builds and prevent accidentally breaking things, it's highly recommended to specify the --version flag for production deployments. You can find the latest versions of the CLI at the Phase CLI GitHub releases. If no --version flag is provided then the latest version of the CLI will be installed.

ENV VERSION=<X.XX.XX>
RUN apk add --no-cache curl && curl -fsSL https://pkg.phase.dev/install.sh | sh -s -- --version $VERSION
  1. Defining Your Container's Start Command

Use CMD to specify the default command to run when starting your container, offering flexibility to override it easily. For initializing the Phase CLI with or without a .phase.json, including the --app and --env flags as context.

For a Single Command:

FROM your-base-image

# ... (other Docker commands, e.g., installing dependencies, copying source code, etc.)

# Use CMD to define the default command. Include --app, --env, and optionally --version flags to specify context.
CMD ["sh", "-c", "phase run --app \"my application name\" --env \"production\" yarn start"]

For Multiple Commands:

FROM your-base-image

# ... (other Docker commands, e.g., installing dependencies, etc.)

# Use CMD to define a series of commands with correct format and escaping, including Phase CLI version specification if needed.
CMD ["sh", "-c", "phase run \"python manage.py migrate && python manage.py runserver payments-api:8000\""]
  1. Providing the PHASE_SERVICE_TOKEN to Your Container

Ensure the PHASE_SERVICE_TOKEN is securely provided to your container for authentication with Phase services.

export PHASE_SERVICE_TOKEN=[pss_env:...]

docker run -e PHASE_SERVICE_TOKEN="$PHASE_SERVICE_TOKEN" your-application-container
Learn more about Docker CMD