How do I keep dotenv secrets in Docker?

Problem description

I have a local dev environment where I use SQLAlchemy to connect to a SQL DB. I do the following to get the secrets from .env:

import os
from urllib.parse import quote_plus

import sqlalchemy as sa
from dotenv import load_dotenv
from sqlalchemy import create_engine
from sqlalchemy.ext.declarative import declarative_base
from sqlalchemy.orm import sessionmaker

load_dotenv()


SERVER = os.getenv("SERVER_NAME")
DATABASE = os.getenv("DB_NAME")
USERNAME = os.getenv("USERNAME")
PASSWORD = os.getenv("PASSWORD")
PORT = os.getenv("PORT", default="1433")  # keep as str: it is concatenated below
DRIVER = os.getenv("DRIVER")

# connect using parsed URL
odbc_str = 'DRIVER='+DRIVER+';SERVER='+SERVER+';PORT='+PORT + \
    ';DATABASE='+DATABASE+';UID='+USERNAME+';PWD='+PASSWORD
connect_str = 'mssql+pyodbc:///?odbc_connect=' + quote_plus(odbc_str)
# connect with sa url format
sa_url = f"mssql+pyodbc://{USERNAME}:{PASSWORD}@{SERVER}:{PORT}/{DATABASE}?driver={DRIVER}"

SQLALCHEMY_DATABASE_URL = connect_str

engine = create_engine(SQLALCHEMY_DATABASE_URL, echo=True, future=True)
SessionLocal = sessionmaker(
    autocommit=False, autoflush=False, bind=engine, future=True)

Base = declarative_base()

When I run my application in a container, it fails because the secret variables are None. Can I add my .env file to my container, and if so, how?

My Dockerfile:

FROM python:3.8-slim-buster

EXPOSE 8000

# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1

# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1

# build variables.
ENV DEBIAN_FRONTEND=noninteractive

# install Microsoft SQL Server requirements.
ENV ACCEPT_EULA=Y
RUN apt-get update -y \
  && apt-get install -y --no-install-recommends curl gcc g++ gnupg unixodbc-dev

# Add SQL Server ODBC Driver 17 (Microsoft package list for Debian 10)
RUN curl https://packages.microsoft.com/keys/microsoft.asc | apt-key add - \
  && curl https://packages.microsoft.com/config/debian/10/prod.list > /etc/apt/sources.list.d/mssql-release.list \
  && apt-get update \
  && apt-get install -y --no-install-recommends --allow-unauthenticated msodbcsql17 mssql-tools \
  && echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bash_profile \
  && echo 'export PATH="$PATH:/opt/mssql-tools/bin"' >> ~/.bashrc


# Install pip requirements
COPY requirements.txt .
RUN python -m pip install -r requirements.txt

WORKDIR /app
COPY . /app

# Creates a non-root user with an explicit UID and adds permission to access the /app folder
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app
USER appuser



# During debugging, this entry point will be overridden. 
CMD ["gunicorn", "--bind", "0.0.0.0:8000", "-k", "uvicorn.workers.UvicornWorker", "main:app"]

I have looked at the Docker Secrets documentation, but I'm not sure what to do.

Tags: python, docker

Solution

You don't keep them in the image. Instead, you pass the contents of the env file to the docker run command from outside.

docker run --env-file=.env my-container

You can also pass environment variables individually:

docker run -e SERVER_NAME=... my-container

(You could also use -v to mount the env file, but there's really no point when you can do the above.)
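
As an added example (not part of the original answer or the asker's code): a startup check for the question's variables that fails fast and names what is missing, whether the values arrive via load_dotenv() locally or via --env-file in the container. The SettingsError class, the function names and the sample values are assumptions made for illustration.

```python
import os
from urllib.parse import quote_plus

# Variable names taken from the question's code; PORT is optional there.
REQUIRED = ("SERVER_NAME", "DB_NAME", "USERNAME", "PASSWORD", "DRIVER")
# Constructed sample values, not real credentials.
SAMPLE_ENV = {"SERVER_NAME": "db.example.internal", "DB_NAME": "appdb",
              "USERNAME": "app", "PASSWORD": "example-password",
              "DRIVER": "{ODBC Driver 17 for SQL Server}"}


class SettingsError(RuntimeError):
    """Raised at startup when the DB settings are unusable (hypothetical name)."""


def load_db_settings(env=os.environ):
    """Read DB settings from the process environment and fail fast by name."""
    missing = [name for name in REQUIRED if not env.get(name)]
    if missing:
        # Report names only, never values, so logs stay free of secrets.
        raise SettingsError("missing environment variables: " + ", ".join(missing))
    settings = {name: env[name] for name in REQUIRED}
    settings["PORT"] = env.get("PORT") or "1433"
    # docker run --env-file passes values verbatim, so quotes that
    # python-dotenv would strip end up inside the value.
    quoted = [n for n, v in settings.items()
              if len(v) >= 2 and v[0] == v[-1] and v[0] in "'\""]
    if quoted:
        raise SettingsError("values still wrapped in quotes: " + ", ".join(quoted))
    return settings


def build_connect_url(settings):
    """Build the same odbc_connect URL as the question's code."""
    odbc_str = (
        f"DRIVER={settings['DRIVER']};SERVER={settings['SERVER_NAME']};"
        f"PORT={settings['PORT']};DATABASE={settings['DB_NAME']};"
        f"UID={settings['USERNAME']};PWD={settings['PASSWORD']}"
    )
    return "mssql+pyodbc:///?odbc_connect=" + quote_plus(odbc_str)


def redacted(settings):
    """Copy of the settings that is safe to log."""
    return {k: ("***" if k == "PASSWORD" else v) for k, v in settings.items()}


if __name__ == "__main__":
    print(redacted(load_db_settings(SAMPLE_ENV)))
```

Call load_db_settings() after load_dotenv() and before create_engine(). Because the Dockerfile's COPY . /app copies the whole build context, list .env in .dockerignore so the file does not end up in an image layer.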

