-1

I have a supervisord file where like this

[program:decrypt]
command=export KEYTOKEN=$(aws kms decrypt --ciphertext-blob fileb://<(echo %(ENV_TOKENENC)s | base64 -d) --output text --query Plaintext --region %(ENV_REGION)s | base64 -d )

I am passing the environment ENV_TOKENENC,ENV_REGION to the container and I can echo those variables and confirm that the docker container is getting them, also the command to decrypt kms value also works.But when I put the kms decrypt command in supervised file it throws error saying ('ENV_REGION')&('ENV_CONSULTOKENENC') which cannot be expanded. Am I putting the right value in supervisord file?

Rob
  • 150
  • 1
  • 4
  • 17
  • It's really best to put this kind of logic in a script and execute the script. – Charles Duffy May 07 '18 at 19:34
  • `supervisord` doesn't start a shell implicitly, so you can't use shell expansions, *unless* you run `command=/bin/sh -c 'export ...; ...'` or such. That's harder to maintain and debug than an external script, however, so I rather strongly suggest the latter. – Charles Duffy May 07 '18 at 19:34

1 Answers1

0

Setting an environment variable is easy, if you're setting it to a constant value:

[program:decrypt]
command=/usr/bin/env foo=bar baz=qux /path/to/something ...

or, with less overhead:

environment=foo="bar",baz="qux"
command=/path/to/something ...

However, dynamically generating that variable's value requires a shell:

[program:decrypt]
command=/bin/sh -c 'foo=$(generate-bar) /path/to/something'

Note that export is not actually needed here, as var=value something as part of a single command exports var having value value during the execution of something.

Charles Duffy
  • 280,126
  • 43
  • 390
  • 441