Page 16 - MSDN Magazine, May 2019
define the DB_PW variable using the specific format shown here:
version: '3.4'

services:
  dataapidocker:
    image: ${DOCKER_REGISTRY-}dataapidocker
    build:
      context: .
      dockerfile: DataAPIDocker/Dockerfile
    environment:
      - DB_PW=eiluj
Don’t forget to remove the DB_PW variable completely from the Dockerfile. Docker-compose will make sure the variable gets passed into the running container, but it won’t exist in the image itself.
Now, to run the project, you’ll need to be sure that the docker-compose solution folder is set as the startup project. Notice that the debug button is set to Docker Compose. To see the magic unfold, put a breakpoint in startup where the code is building up the connection string and then debug the app. You should see that Configuration["DB_PW"] is indeed able to find the value passed in from docker-compose.
And, Finally, Moving the Secret Value out of Docker-Compose
When I used the tooling to add the container orchestration, the .dockerignore file that the tooling created lists .env files, so those won’t get accidentally pushed to your source control.
Visual Studio won’t let you add a file to the docker-compose project, so I got around that by adding the new text file to the Solution Items folder, then moving it into the docker-compose project.
I’ll put my secret into the .env file and the file contents are simply:
DB_PW=eiluj
Figure 3 shows what my final solution looks like.
In this way, I can just set the password while I’m developing and debugging the app and not worry about having it in any files I might share. Plus, I have options to provide other variable configuration information.
My secret is still plain text, however, which is fine on my machine. You’ll likely want to encrypt these in production, though. Elton Stoneman provides guidance for this in his book, “Docker on Windows, Second Edition” (Packt Publishing, February 2019).
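A pre-commit style check for the mistake this section guards against, as an added example that is not from the article: it flags secret-looking variables given literal values in a compose file's environment block and confirms that an ignore file covers .env. The function names, the name heuristic and the ${DB_PW} corrected form are assumptions, the sample inputs are constructed, and the ignore matching is simplified; it can be run over a .gitignore (which controls what Git commits) or a .dockerignore (which controls what enters the image build context).

```python
import re

# Constructed sample: the compose file from the article with the password inline.
BEFORE = """\
version: '3.4'
services:
  dataapidocker:
    image: ${DOCKER_REGISTRY-}dataapidocker
    build:
      context: .
      dockerfile: DataAPIDocker/Dockerfile
    environment:
      - DB_PW=eiluj
"""
# Assumed corrected form: compose substitutes ${DB_PW} from .env on the host.
AFTER = BEFORE.replace("DB_PW=eiluj", "DB_PW=${DB_PW}")

SECRET_NAME = re.compile(r"(PW|PWD|PASS|PASSWORD|SECRET|TOKEN|KEY)$", re.I)  # heuristic
ENTRY = re.compile(r"^\s*(?:-\s+)?[\"']?([A-Za-z_]\w*)\s*(?:=|:\s)\s*(.*)$")

def inline_secrets(compose_text):
    """Return (line_no, name) for secret-looking environment entries with literal values."""
    found, env_indent = [], None
    for no, raw in enumerate(compose_text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        if line.strip() == "environment:":
            env_indent = indent
        elif env_indent is not None:
            if indent < env_indent or (indent == env_indent and line.lstrip()[:2] != "- "):
                env_indent = None          # left the environment block
                continue
            m = ENTRY.match(line)
            value = m.group(2).strip("'\" ") if m else ""
            # "${VAR}" is resolved by compose at run time, so it is not a literal
            if m and SECRET_NAME.search(m.group(1)) and value and not value.startswith("$"):
                found.append((no, m.group(1)))
    return found

def ignores_env(ignore_text, filename=".env"):
    """Simplified ignore-file check: last matching pattern wins, '!' negates."""
    ignored = False
    for pat in map(str.strip, ignore_text.splitlines()):
        m = None if pat.startswith("#") else re.match(r"^(!?)(?:\*\*/|/)?(.+)$", pat)
        if m and re.fullmatch(re.escape(m.group(2)).replace(r"\*", ".*"), filename):
            ignored = m.group(1) != "!"
    return ignored
```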
Next Steps
One obvious next step for me would be to deploy the container and work out how to get the environment variable with the password for my Azure SQL database into a container instance. This challenge took a lot of reading and experimenting and as I’ve run out of room for this installment, I’ve blogged about doing this fully in Azure at bit.ly/2FHdbAM. I’ve also written about publishing to Docker and hosting in an Azure Virtual Machine for the Docker blog. I’ll update the online version of this article with the URL for that when it’s available.
The plan for the next installment of this multi-part column is to transition from targeting the Azure SQL Database to a SQL Server database in its own container. This will combine what’s been learned thus far about docker-compose with lessons from an earlier column (“On-the-Fly SQL Servers with Docker” at msdn.com/magazine/mt784660). The two referenced blog posts will cover publishing the images and running the containers in the cloud.
Julie Lerman is a Microsoft Regional Director, Microsoft MVP, software team coach and consultant who lives in the hills of Vermont. You can find her presenting on data access and other topics at user groups and conferences around the world. She blogs at thedatafarm.com/blog and is the author of “Programming Entity Framework,” as well as a Code First and a DbContext edition, all from O’Reilly Media. Follow her on Twitter: @julielerman and see her Pluralsight courses at juliel.me/PS-Videos.
Thanks to the following technical experts for reviewing this article: Steven Green and Mike Morton (Microsoft), Elton Stoneman (Docker)
Figure 3 The Final Solution Including the New .env File
But I still have my secrets in the docker-compose file and you know and I know that at some point I’m going to push that to my public source control by mistake. Docker-compose runs on my machine, not inside the Docker image. That means docker-compose can access information on the host. I could create an environment variable on my dev machine to store the password and let docker-compose discover it. You can even create temporary environment variables in the Visual Studio Package Manager Console. But Docker offers an even better option with its support for reading .env files.
By default, docker-compose will read a file called “.env.” There’s no base to the file name, just “.env.” It’s also possible to name .env files and in docker-compose, use the env_file mapping to specify it in the service description. See my blog post at bit.ly/2CR40x3 for more information on named .env files.
You can use these to store variables, such as connection strings, for example, dev.env, test.env or production.env; or for secrets.
Data Points