programming
environment-variables
command-line-arguments
software-development
coding-best-practices

ARG or ENV, which one to use in this case?

Master System Design with Codemia

Enhance your system design skills with over 120 practice problems, detailed solutions, and hands-on exercises.

In the world of Docker and containerization, efficiently managing environment variables and build-time arguments is crucial. Two primary mechanisms in Dockerfiles to handle this are ARG and ENV. Knowing when and how to use each effectively can enhance the flexibility, security, and configurability of Docker images and containers.

Understanding ARG and ENV

Both ARG and ENV serve different purposes in a Dockerfile:

  • ARG is used to define values that are available at build time.
  • ENV is used to set environment variables that are available during both build time and container runtime.

ARG – Build Time Argument

ARG is a way to pass build-time variables into a Dockerfile. These variables are not preserved in the final image and are only in scope during the image build process.

Syntax:

dockerfile
ARG <name>[=<default_value>]

Example:

dockerfile
1# Dockerfile snippet
2FROM alpine
3ARG VERSION=latest
4RUN echo "The build version is $VERSION"

In the Docker build command, you can override the default value of VERSION:

bash
docker build --build-arg VERSION=1.0 .

Features of ARG:

  • Scope: Available only during the build process.
  • Default Values: Can be initialized with a default which can be overridden during build.
  • No Impact after Build: Cannot be accessed during container runtime.

ENV – Environment Variables

ENV sets an environment variable that will persist both during the image build and when running the container. This makes it particularly useful for setting configurations that the application will need at runtime.

Syntax:

dockerfile
ENV <key>=<value> ...

Example:

dockerfile
1# Dockerfile snippet
2FROM alpine
3ENV MY_ENV_VAR=production
4RUN echo "The environment is set to $MY_ENV_VAR"

Once this image is built and a container is run from it, $MY_ENV_VAR will remain accessible:

bash
docker run --rm <image> sh -c 'echo $MY_ENV_VAR'

Features of ENV:

  • Scope: Available both during the build and at runtime.
  • Default Values: Can be set and overridden at runtime using the -e flag in docker run.
  • Persistence: Persists in the container's environment.

Key Differences and When to Use Which

Below is a table summarizing the key differences and ideal use cases for ARG and ENV.

FeatureARGENV
ScopeBuild-time onlyBuild-time and runtime
PersistenceNot present in the final imagePersistent in container environment
Default ValueCan be set and overridden at buildCan be set and overridden at runtime
Use CaseConditional build instructions (e.g., installations)Configuration setup for applications
SecurityNot ideal for sensitive data (value is visible in image history)Environment can contain sensitive data if necessary

Advanced Uses and Considerations

Multi-stage Builds

In multi-stage Docker builds, ARG can be extremely useful for passing specific variables to different stages, thereby reducing complexity and increasing build efficiency.

Example:

dockerfile
1# Dockerfile snippet for multi-stage build
2FROM golang AS builder
3ARG GO_VERSION=1.17
4RUN go get some_dependency_for_$GO_VERSION
5
6FROM alpine
7COPY --from=builder /go/bin/app /app
8ENTRYPOINT ["/app"]

Security Implications

While ARG values do not persist in the image layer and are not accessible at runtime, they can still be observed in the Docker image history. Hence, they are not ideal for secrets or sensitive data. On the other hand, while ENV variables can be more secure by using a secrets management tool to inject at runtime, they persist in the image and are accessible via container inspection, so sensitive data should be handled with care.

Overriding ENV Values

It's possible to override an ENV variable at runtime by using the docker run -e flag or setting a variable again later in the Dockerfile. This allows for more flexibility but requires careful management to ensure consistent application behavior.

Example:

bash
docker run -e MY_ENV_VAR=development your_image

Conclusion

In summary, selecting between ARG and ENV depends on the stage at which you need the variable. Use ARG for build-time dynamics and ENV for runtime configurations. Careful consideration and proper management of these tools can lead to more organized, flexible, and secure Docker images and applications.


Course illustration
Course illustration

All Rights Reserved.