Apps: how to copy environment data to a file

Posted December 29, 2021 162 views
DockerGoDigitalOcean App Platform

Our Go application, previously built as a docker repo, uses NATS and requires a credentials file to load. Their libraries do no support anything else (as far as I can tell.)

I can set the credential file’s contents in an encrypted environment variable, but I have been unable to copy it into place using the “Run Command” configuration option. Setting the command to the following for example just gives back [] during deployment in the logs, which I’m assuming is some kind of security mechanism:

sh -c 'echo $NATS_CREDS_FILE > /app/config/nats.creds'
./app serve

Is there any other way to achieve this? Thanks.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
1 answer

Hey there!

I assume you are building this as a Dockerfile build. If not please let me know.

Environment variables are only available as build-args for Dockerfile builds in App Platform. So you should declare them in the Dockerfile as an ARG and then set the ENV variable in the Dockerfile from the build-arg.

Something like this may work:


TEST_VARIABLE would be the encrypted variable you set in the UI. You could then set the value to a file the same as you have it in your run command.

Hope it helps!

  • Thanks for your reply! We’re using pre-built Dockerfile images from the DigitalOcean Container Registry, so there is no build step.

    According to the Component Configuration screen:

    Your component will have access to these variables at both build time and runtime.

    I haven’t been able to find any documentation yet that suggests what I’m trying to do is not possible.

    • From the app’s console are you able to get back the correct data from that variable?

      echo $$NATS_CREDS_FILE
      • The console isn’t loading, I’m guessing because the application hasn’t been able to launch yet.

        But I did manage to progress a bit. By executing everything inside a sh -c '...' block, it will indeed output the key. It would appear that running docker images is limited to what can be executed. Something like the following gives me more reasonable error output from which I can try and debug what is happening:

        sh -c 'echo $NATS_CREDS_FILE > /tmp/nats.creds &&
        cat /tmp/nats.creds && ./app serve'


        • Okay, finally got it working! I had to manually alter the source credentials so that all newlines were represented as \n, with no other whitespace. Then modify the executing command to:

          sh -c 'echo -e ${NATS_CREDS_FILE} > /tmp/nats.creds && ./app serve'

          The echo -e part will convert the \n and correctly format the output. Running as a single command gets around the command “bug”.

          Thanks again for help!