Passing environment variables to docker containers

I’d like to pass an API key to a docker container, but I can’t figure out if there is a way to do it. Obviously I don’t want to keep the key in my source files.

            - image: circleci/node:12.16.0
            - image: ourCustomImage:latest
              command: sh -c "API_KEY=${API_KEY} node app ."
                  API_KEY: $API_KEY

The problem is that the environment variables cannot be used in the environment, entrypoint or command attributes. Or am I missing a trick?

I found similar post Passing dynamic environment variable to a secondary docker container which offers zero answers. But it’s a year old, so I’m trying my luck.

Thanks in advance!


If env var interpolation still does not work for entrypoints and commands, you could try abandoning secondary Docker containers in the CircleCI infra, and spin up your images in Docker Compose inside your build container. I presume that you will have more control over the env vars you inject into the containers that way.

Not to beat a dead horse. Was any progress made in this regard? I can go the docker-compose route but not being able mapping the ports to the host makes it tricky to use in my case.

Thank you!

I see that the feature does work. I created a simple test case where I am able to pass an environment variable from Circle CI into a container. Circle CI masks the value in the output, but I can confirm that before I actually had the Circle CI project environment variable set, the output was “$foo” because no environment variable was defined. circle-ci-test/config.yml at main · buchs/circle-ci-test · GitHub ← source repo. CI job output:
Screen Shot 2021-05-12 at 4.00.56 PM

In the event the repo goes away, here is the config.yml:

      - image: alpine
      FOO: $foo
      - run: sh -c env

Thank you Kevin!

I extended your simple test example to demonstrate where it fails to work in my case. Here is the PR with a bit of description. chore: test executor by dmi3y · Pull Request #1 · buchs/circle-ci-test · GitHub

Hopefully would be useful to understand the use-case.

I spent time on this and ended up using this:

Inside of CircleCI config.yaml:

docker build -f Dockerfile --build-arg FOO_VERSION="$(./foo_echo_version_script)" -t $(pwd | xargs basename):latest .

Then in my Dockerfile:


Now MY_FOO_VERSION was available inside my container at run time.