How do you use Docker build secrets with Docker Compose?

Question

Using the docker build command line I can pass in a build secret as follows

docker build \
  --secret=id=gradle.properties,src=$HOME/.gradle/gradle.properties \
  --build-arg project=template-ms \
  .

Then use it in a Dockerfile

# syntax = docker/dockerfile:1.0-experimental

FROM gradle:jdk12 AS build
COPY *.gradle .
RUN --mount=type=secret,target=/home/gradle/gradle.properties,id=gradle.properties gradle dependencies
COPY src/ src/
RUN --mount=type=secret,target=/home/gradle/gradle.properties,id=gradle.properties gradle build
RUN ls -lR build
FROM alpine AS unpacker
ARG project
COPY --from=build /home/gradle/build/libs/${project}.jar /tmp
RUN mkdir -p /opt/ms && unzip -q /tmp/${project}.jar -d /opt/ms && \
  mv /opt/ms/BOOT-INF/lib /opt/lib
FROM openjdk:12
EXPOSE 8080
WORKDIR /opt/ms
USER nobody
CMD ["java", "-Xdebug", "-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=0.0.0.0:8000", "-Dnetworkaddress.cache.ttl=5", "org.springframework.boot.loader.JarLauncher"]
HEALTHCHECK --start-period=600s CMD curl --silent --output /dev/null http://localhost:8080/actuator/health
COPY --from=unpacker /opt/lib /opt/ms/BOOT-INF/lib
COPY --from=unpacker /opt/ms/ /opt/ms/

I want to do a build using docker-compose, but I can't find in the docker-compose.yml reference how to pass the secret.

That way the developer just needs to type in docker-compose up

Answer 1

You can use environment or args to pass variables to container in docker-compose.

args: - secret=id=gradle.properties,src=$HOME/.gradle/gradle.properties

environment: - secret=id=gradle.properties,src=$HOME/.gradle/gradle.properties