How to organize environment secrets with docker-compose and Visual Studio

by Mykhailo Konovalov

In recent times I faced the question - how would I set up my development secrets like database passwords, connection strings, sensitive secret data without exposing them to the public world/git?

Visual Studio has a pretty nice feature to organize development secrets named User Secrets. Despite finding it useful to set up some of the appsettings.json substitutions, it's nearly useless when it comes to environment variable configuration used in docker-compose.

I tried several strange things like creating a bash script to populate envs from secrets.json, or adding docker arguments to .dcproj. It took me so long to make a working solution, and it was so dirty, so I end up using
env_file docker-compose configuration alongside with hiding the file from git.

services:
  data:
    image: mongo:4.4.1-bionic
    restart: always
    ports:
    - "27017:27017"
    env_file:
    - .env # placed in the same folder as docker-compose.yml

And .env file is just a plain text with environment variables you need as a
<key>=<value> pair:

MONGO_INITDB_ROOT_USERNAME=root
MONGO_INITDB_ROOT_PASSWORD=************************

And don't forget to add .env to your .gitignore file.

@@ -9,6 +9,7 @@
 *.user
 *.userosscache
 *.sln.docstates
+*.env

 # User-specific files (MonoDevelop/Xamarin Studio)
 *.userprefs

(OPTIONAL) I also find it useful to have a reference in my Visual Studio project to that file so I can edit it on demand.

<ItemGroup>
  <Content Include="..\.env" LinkBase="envs" />
</ItemGroup>