How do I pass environment variables to Docker containers?

To pass environment variables to Docker containers, you can use several methods depending on your workflow. Below are detailed explanations with examples for each approach:

1. Using -e or --env in docker run

Set individual variables directly in the command line.

Example 1: Single Variable

docker run -e "APP_ENV=production" my-image

Example 2: Multiple Variables

docker run \
  -e "DB_HOST=db.example.com" \
  -e "DB_PORT=5432" \
  my-image

Example 3: Pass Host Environment Variables

Pass a variable from your host machine to the container:

# Host variable
export API_KEY="secret123"

# Pass it to the container
docker run -e "API_KEY" my-image

2. Using an Environment File (--env-file)

Store variables in a file (e.g., .env) and load them in bulk.

Step 1: Create an .env File

# .env
APP_ENV=staging
DB_HOST=localhost
DB_PORT=3306

Step 2: Run the Container

docker run --env-file .env my-image

3. In Docker Compose

Define variables in your docker-compose.yml file.

Example 1: Inline Variables

services:
  app:
    image: my-image
    environment:
      - APP_ENV=production
      - DB_HOST=db

Example 2: Load from an Environment File

services:
  app:
    image: my-image
    env_file:
      - .env  # Load variables from .env

Example 3: Override Variables

Variables in environment take precedence over those in env_file:

services:
  app:
    image: my-image
    env_file: .env
    environment:
      - APP_ENV=development  # Overrides APP_ENV in .env

4. Set Defaults in the Dockerfile

Define default variables in your Dockerfile (override at runtime).

Dockerfile

FROM alpine
ENV APP_ENV="development" DB_PORT="3306"

Override at Runtime

docker run -e "APP_ENV=production" my-image

5. Security Best Practices

• Avoid Hardcoding Secrets: Use --env-file for sensitive data and exclude .env from version control.
• Docker Secrets: For sensitive data (e.g., passwords), use Docker Swarm secrets or bind mounts:

  echo "secret123" | docker secret create db_password -
  docker service create --secret db_password my-image

Verification

Check if variables are set in the container:

# Print all environment variables in the container
docker run --rm -e "TEST_VAR=hello" alpine env

Common Pitfalls

• Incorrect File Format: Ensure .env files use VAR=value without spaces.
• Variable Precedence: Command-line (-e) variables override Dockerfile and Compose variables.
• Case Sensitivity: Environment variable names are case-sensitive (e.g., DB_HOST ≠ db_host).

Summary Table

Method	Use Case	Example
docker run -e	Ad-hoc variables or CI/CD pipelines	docker run -e "VAR=value" my-image
--env-file	Bulk variables or sensitive data	docker run --env-file .env my-image
Docker Compose environment	Define variables in Compose for multi-service setups	environment: [VAR=value]
Docker Compose env_file	Load variables from a file in Compose	env_file: .env
Dockerfile ENV	Set default values (override at runtime)	ENV VAR="default"

By using these methods, you can dynamically configure Docker containers for different environments (development, staging, production) while keeping sensitive data secure.