Skip to content

compose.md

Latest commit

 

History

History
82 lines (58 loc) · 4.09 KB

compose.md

File metadata and controls

82 lines (58 loc) · 4.09 KB

Return to Index

Tip

All configuration options can be set via command line arguments OR environment variables. CLI arguments take precedence.

locket compose

Docker Compose provider API

Options

Command Env Default Description
--project-name COMPOSE_PROJECT_NAME Compose Project Name

locket compose up

Injects secrets into a Docker Compose service environment with docker compose up

Options

Command Env Default Description
--provider SECRETS_PROVIDER Secrets provider backend to use

Choices:
- op: 1Password Service Account
- op-connect: 1Password Connect Provider
- bws: Bitwarden Secrets Provider
- infisical: Infisical Secrets Provider
--env-file LOCKET_ENV_FILE Files containing environment variables which may contain secret references
--env LOCKET_ENV Environment variable overrides which may contain secret references
<service> Service name from Docker Compose

1Password (op)

Command Env Default Description
--op-token OP_SERVICE_ACCOUNT_TOKEN 1Password Service Account Token

Either provide the token directly or via a file with file: prefix
--op-config-dir OP_CONFIG_DIR Optional: Path to 1Password config directory

Defaults to standard op config locations if not provided, e.g. $XDG_CONFIG_HOME/op

1Password Connect

Command Env Default Description
--connect-host OP_CONNECT_HOST 1Password Connect Host HTTP(S) URL
--connect-token OP_CONNECT_TOKEN 1Password Connect Token

Either provide the token directly or via a file with file: prefix
--connect-max-concurrent OP_CONNECT_MAX_CONCURRENT Maximum allowed concurrent requests to Connect API

Bitwarden Secrets Provider

Command Env Default Description
--bws-api-url BWS_API_URL Bitwarden API URL
--bws-identity-url BWS_IDENTITY_URL Bitwarden Identity URL
--bws-max-concurrent BWS_MAX_CONCURRENT Maximum number of concurrent requests to Bitwarden Secrets Manager
--bws-user-agent BWS_USER_AGENT BWS User Agent
--bws-token BWS_MACHINE_TOKEN Bitwarden Machine Token

Either provide the token directly or via a file with file: prefix

Infisical Secrets Provider

Command Env Default Description
--infisical-url INFISICAL_URL The URL of the Infisical instance to connect to
--infisical-client-secret INFISICAL_CLIENT_SECRET The client secret for Universal Auth to authenticate with Infisical.

Either provide the token directly or via a file with file: prefix
--infisical-client-id INFISICAL_CLIENT_ID The client ID for Universal Auth to authenticate with Infisical
--infisical-default-environment INFISICAL_DEFAULT_ENVIRONMENT The default environment slug to use when one is not specified
--infisical-default-project-id INFISICAL_DEFAULT_PROJECT_ID The default project ID to use when one is not specified
--infisical-default-path INFISICAL_DEFAULT_PATH The default path to use when one is not specified
--infisical-default-secret-type INFISICAL_DEFAULT_SECRET_TYPE The default secret type to use when one is not specified

Choices:
- shared
- personal
--infisical-max-concurrent INFISICAL_MAX_CONCURRENT Maximum allowed concurrent requests to Infisical API
--log-level LOCKET_LOG_LEVEL debug Log level

Choices:
- trace
- debug
- info
- warn
- error

locket compose down

Handler for Docker Compose down, but no-op because secrets are not persisted

No options.

locket compose metadata

Handler for Docker Compose metadata command so that docker can query plugin capabilities

No options.