> ## Documentation Index
> Fetch the complete documentation index at: https://infisical-devin-1781641701-docs-github-pat-fine-grained.mintlify.site/llms.txt
> Use this file to discover all available pages before exploring further.

# Docker Compose

> Find out how to use Infisical to inject environment variables into services defined in your Docker Compose file.

Prerequisites:

* Set up and add envars to [Infisical Cloud](https://app.infisical.com)

## Configure the Infisical CLI for each service

Follow this [guide](./docker) to configure the Infisical CLI for each service that you wish to inject environment variables into; you'll have to update the Dockerfile of each service.

<Tabs>
  <Tab title="Machine Identity (Recommended)">
    ### Generate and configure machine identity

    Generate a machine identity for each service you want to inject secrets into. You can do this by following the steps in the [Machine Identity](/documentation/platform/identities/machine-identities) guide.

    ### Set the machine identity client ID and client secret as environment variables

    For each service you want to inject secrets into, generate the required `INFISICAL_TOKEN_SERVICE_A` and `INFISICAL_TOKEN_SERVICE_B`.

    ```yaml theme={null}
    # Example Docker Compose file
    services:
      web:
        build: .
        image: example-service-1
        environment:
          - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_A}

      api:
        build: .
        image: example-service-2
        environment:
          - INFISICAL_TOKEN=${INFISICAL_TOKEN_SERVICE_B}

    ```

    ### Export shell variables

    Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN_SERVICE_A` and `INFISICAL_TOKEN_SERVICE_B` in your Docker Compose file.

    ```bash theme={null}
    #Example

    # Token refers to the token we generated in step 2 for this service
    export INFISICAL_TOKEN_SERVICE_A=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)
    export INFISICAL_TOKEN_SERVICE_B=$(infisical login --method=universal-auth --client-id=<your-client-id> --client-secret=<your-client-secret> --silent --plain)

    # Then run your compose file in the same terminal.
    docker-compose ...
    ```
  </Tab>

  <Tab title="Service Token">
    ## Generate service token

    Generate a unique [Service Token](/documentation/platform/token) for each service.

    ## Feed service token to your Docker Compose file

    For each service you want to inject secrets into, set an environment variable called `INFISICAL_TOKEN` equal to a unique identifier variable.

    In the example below, we set `INFISICAL_TOKEN_FOR_WEB` and `INFISICAL_TOKEN_FOR_API` as the `INFISICAL_TOKEN` for the services.

    ```yaml theme={null}
    # Example Docker Compose file
    services:
      web:
        build: .
        image: example-service-1
        environment:
          - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_WEB}

      api:
        build: .
        image: example-service-2
        environment:
          - INFISICAL_TOKEN=${INFISICAL_TOKEN_FOR_API}
    ```

    ## Export shell variables

    Next, set the shell variables you defined in your compose file. This can be done manually or via your CI/CD environment. Once done, it will be used to populate the corresponding `INFISICAL_TOKEN`
    in your Docker Compose file.

    ```bash theme={null}
    #Example

    # Token refers to the token we generated in step 2 for this service
    export INFISICAL_TOKEN_FOR_WEB=<token>

    # Token refers to the token we generated in step 2 for this service
    export INFISICAL_TOKEN_FOR_API=<token>

    # Then run your compose file in the same terminal.
    docker-compose ...
    ```
  </Tab>
</Tabs>