Environment Variable Substitution
Dockrion supports environment variable substitution in Dockfile YAML values, letting you keep secrets and environment-specific config out of your Dockfile.
Syntax
Section titled “Syntax”| Pattern | Behavior |
|---|---|
${VAR} | Replaced with the value of environment variable VAR. Raises ValidationError if not set. |
${VAR:-default} | Replaced with the value of VAR if set, otherwise uses default. |
Substitution is applied recursively to all string values in the parsed YAML — nested dicts, lists, and scalar values are all processed.
Examples in Dockfile
Section titled “Examples in Dockfile”auth: api_keys: env_var: ${API_KEY_VAR:-DOCKRION_API_KEY}
secrets: required: - name: OPENAI_API_KEY
streaming: redis: url: ${REDIS_URL:-redis://localhost:6379}
observability: langfuse: public_key: ${LANGFUSE_PUBLIC_KEY} secret_key: ${LANGFUSE_SECRET_KEY}How Env Loading Works
Section titled “How Env Loading Works”Before substitution, Dockrion loads environment variables from multiple sources. The loading happens in load_dockspec() via load_env_files():
File Discovery and Merge Order
Section titled “File Discovery and Merge Order”1. Shell environment (os.environ) ← highest priority2. --env-file flag (if provided) ← explicit override3. .env file (auto-detected in project) ← standard dotenv4. env.yaml / env.yml (if present) ← YAML format env fileLater sources do not override earlier ones. Shell environment always wins.
Auto-detected File Names
Section titled “Auto-detected File Names”| Type | Files checked (in order) |
|---|---|
| Dotenv | .env |
| YAML env | env.yaml, env.yml |
YAML Env File Format
Section titled “YAML Env File Format”OPENAI_API_KEY: sk-...DATABASE_URL: postgresql://localhost/mydbREDIS_URL: redis://localhost:6379Plain key: value pairs. Nested YAML structures are not supported for env files.
Expansion Flow
Section titled “Expansion Flow”Dockfile.yaml (raw) │ ▼yaml.safe_load() → Python dict │ ▼expand_env_vars(data) ├── walks dict/list recursively ├── for each string value: │ ├── finds ${VAR} patterns │ ├── looks up VAR in merged env │ ├── ${VAR:-default} → uses default if VAR missing │ └── ${VAR} with no default → ValidationError if missing │ ▼DockSpec.model_validate(expanded_data)The expand_env_vars() function from dockrion_sdk handles this. It processes the entire YAML data structure before Pydantic validation, so substituted values participate in all schema validation rules.
Common Patterns
Section titled “Common Patterns”Per-environment secrets
Section titled “Per-environment secrets”# .env (development)OPENAI_API_KEY=sk-dev-key-...DATABASE_URL=postgresql://localhost/dev_db
# .env.productionOPENAI_API_KEY=sk-prod-key-...DATABASE_URL=postgresql://prod-host/prod_dbdockrion run --env-file .env.productionDefaults for optional config
Section titled “Defaults for optional config”expose: port: ${PORT:-8080} host: ${HOST:-0.0.0.0}This lets you override port and host via environment without changing the Dockfile.
Source:
expand_env_vars()inpackages/sdk-python/dockrion_sdk/client.py;load_env_files()inpackages/common-py/dockrion_common/env_utils.py
Previous: 2.8 build config | Next: 2.10 metadata →