#### Setup production env vars for CircleCI, docker-compose, Laravel

I have an old php/laravel project which runs with docker-compose for production. I never had any issues although I am now trying to do some maintenance on it. I have a step in my CircleCI config through which I create a .env file with the variables set in the Environment variables section on the CircleCI dashboard.

some-job:
steps:
- checkout
- run:
name: Setup .env
command: |
echo APP_NAME=${APP_NAME} >> .env echo APP_ENV=${APP_ENV} >> .env


Once this step is done, I’ve got several steps todo like pulling the code from dockerhub and then I deploy it by having yet another step like so:

- run:
name: Deploy
command: |
docker-compose -f docker-compose.live.yml -p project_name up -d


The docker-compose.live.yml on each of my containers points to the .env created in the previous step by the option env_file: .env.

Does this pose any security-related issues? What would be a better alternative?

Source: Laravel