Alpine Linux (Docker): Cannot reference env vars in shell

Hey everyone!

I’m currently trying to integrate Doppler into Gitlab CI and I came across a rather weird behavior.
To be honest, I’m not fully convinced that this is a bug in Doppler, but rather a quirk in the Alpine Linux shell. Since many Docker images are based on these small images I’m sure someone here came across the issue as well.

Context: Running a CI job in Gitlab using the ‘amaysim/serverless:2.18.0’ image as base. I can install Doppler, it also loads all variables correctly, but the variables are not substituted when I run ‘doppler run – somecommand --foo $BAR’.

This can be reproduced locally in the following way:

docker run -it -e DOPPLER_TOKEN=YOURTOKENHERE  alpine
> apk add curl
> curl -Ls https://cli.doppler.com/install.sh | sh
> doppler run -- printenv  # <- All perfect here (loads AWS_ACCESS_KEY_ID)
> echo $DOPPLER_TOKEN      # <- Still as expected
> doppler run -- echo $AWS_ACCESS_KEY_ID    # <- !!! Empty !!!!
> doppler run -- echo $DOPPLER_TOKEN        # <- Shown as expected

My verdict is:

  1. Doppler CLI loads all variables correctly (correct value for AWS_ACCESS_KEY_ID)
  2. Variables that are available in the shell (e.g. DOPPLER_TOKEN) can be referenced both directly in the shell (echo $DOPPLER_TOKEN) as well as in the Doppler command (doppler run – echo $DOPPLER_TOKEN)
  3. Doppler variables are present to commands run by Doppler (doppler run – printenv)
  4. Doppler variables are not present in the Doppler shell (doppler run – echo $AWS_ACCESS_KEY_ID)

Here is what I tried so far (without success):

  • /bin/sh -c “doppler run – echo $AWS_ACCESS_KEY_ID”
  • doppler run --command “echo $AWS_ACCESS_KEY_ID”
  • doppler run --command “/bin/sh -c ‘echo $AWS_ACCESS_KEY_ID’”

What “works” is creating a script:

#!/bin/sh
echo $AWS_ACCESS_KEY_ID

and then run it: doppler run – ./test.sh

But for some freaking reason, the variables cannot be referenced directly in the shell. Highly frustrating!

I’m a bit at a loss on how to solve this and would really appreciate some input.

Best wishes,
Johannes

Hey Johannes,

Your commands are really close, and your second example would have worked if you had escaped the $ character. The is because the shell is interpreting your variable before doppler sees it.

doppler run --command “echo \$AWS_ACCESS_KEY_ID”

Also, here are three alternatives:

# Using the `--command` flag (recommended)
doppler run --command 'echo $DOPPLER_PROJECT' # single-quote form, no need to escape variable

# Using `printenv` to access a specific environment variable
doppler run -- printenv DOPPLER_PROJECT

# Execute the command using a specific shell (sh used in this case)
doppler run -- sh -c 'echo $DOPPLER_PROJECT'

Ahhh this makes so much more sense now. I never thought about it that environment variables are resolved the moment I run a command, giving the doppler cli no chance to replace them with the loaded variables. So I suppose this has nothing to do with Alpine whatsoever but is just due to how the shell works. I probably haven’t encountered this before since I never needed to use the environment variables directly in the command.

Thank you for your quick reply, it’s all now working as expected :slight_smile:

2 Likes