Does Docker-compose only read the configuration at initialization?

Question

I have a Docker-compose file that has several environment variables in it for database users. We have multiple instances of this application each running on its own server, each with a different database user.

My question is: Is the Docker-compose.yaml file read once after running docker-compose build, and not at any point after?

Answer 1

No. Docker-compose reads yaml file every time you execute docker-compose (build, up, info, etc.).

But if you're going towards modification of environment variables during image build or container run - sorry bro, this aint gonna work.

You can modify environment variables during service lifetime (when using swarm) , but this will restart containers. Same when using docker-compose up again on running project.

Although if you wish to have a separate docker-compose files for each of your environment with db usernames and passwords - this will work when you run docker-compose up.

You can also take advantage of possibility to pass multiple yaml files to docker compose and this way you can have a "base" yaml with common definitions, and environment yamls where you will keep stored credentials for each environment.

However, if you are concern about not exposing passwords, env variables are not the solution. check out docker secrets with docker swarm or use external key store to make passwords secure.