Philipp Garbe describes how to pass environment variables that you want to keep private to a public Docker instance run on Amazon Web Services (beanstalk or ECS) in his post How to Run HuBot in Docker on AWS EC2 Container Services – Part 3. The trick is:
- Put them into an env.sh file that you can source on S3 (and allow the appropriate EC2 IAM role to access it)
- As a part of your startup CMD, run aws s3 cp to fetch and then source it
Here is his example of the CMD from a Dockerfile:
CMD ["/bin/sh", "-c", "aws s3 cp --region eu-west-1 s3://your-bucket/env.sh .; . ./env.sh; bin/hubot --adapter slack"]
See the full source code in his GitHub repo. Thanks for sharing, Philipp!
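The CMD above chains its steps with `;`, so the bot still starts when the download fails, and env.sh stays in the working directory afterwards. The script below is an added example, not code from Philipp's post or repo: a fail-closed entrypoint for the same fetch-and-source step. The script name, the function names, the AWS_REGION default and the argument convention (S3 URI first, then the command) are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Assumed usage in a Dockerfile:
#   CMD ["/entrypoint.sh", "s3://your-bucket/env.sh", "bin/hubot", "--adapter", "slack"]
# entrypoint.sh, fetch_env and load_private_env are hypothetical names.

# fetch_env URI DEST: copy the env file from S3. The subshell keeps the
# tightened umask from leaking into the rest of the script.
fetch_env() {
    ( umask 077
      aws s3 cp --only-show-errors --region "${AWS_REGION:-eu-west-1}" "$1" "$2" )
}

# load_private_env URI: fetch, source and delete the env file.
# Returns non-zero (and sources nothing) if the download fails or is empty.
load_private_env() {
    env_uri=$1
    env_tmp=$(mktemp) || return 1      # mktemp creates the file with mode 0600
    if ! fetch_env "$env_uri" "$env_tmp" || [ ! -s "$env_tmp" ]; then
        rm -f "$env_tmp"
        echo "refusing to start: could not fetch $env_uri" >&2
        return 1
    fi
    set -a                             # export every variable the file assigns
    . "$env_tmp"
    set +a
    rm -f "$env_tmp"                   # leave no copy of the secrets on disk
}

# Entrypoint behaviour: only runs when the first argument is an S3 URI.
case "${1:-}" in
    s3://*)
        env_uri_arg=$1; shift
        load_private_env "$env_uri_arg" || exit 1
        exec "$@"                      # replace the shell so signals reach the app
        ;;
esac
```

The IAM role attached to the instance or task still needs read access to the object, as described in the first step.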