Onboardbase can be used in a Dockerfile to manage the secrets of any program the Dockerfile is running.


Generating a Service Token

From your Onboardbase dashboard, go to the account page, click on Generate service tokens and give it a name (based on the service you want to use it for). Copy the generated service token and store it as a config variable for the service.



You can authenticate the CLI with Environment variables.
Supported environment variables are:

  • ONBOARDBASE_TOKEN - A service token
  • ONBOARDBASE_PROJECT - an onboardbase project name
  • ONBOARDBASE_ENVIRONMENT - an environment in the specified project

Below is a Dockerfile that inherits from the latest nodejs image.

The highlights are from lines 16 to 26, which installs Onboardbase CLI into the image, then authorizes the CLI with an environment variable ONBOARDBASE_TOKEN, finally creating the setup file using an environment variable as well.

This Dockerfile assumes that the npm scripts in the package.json file have been modified to run through Onboardbase CLI build command.

FROM node:lts-stretch-slim 

# Create and set the working directory for image
RUN mkdir /app

# Copy package.json and package-lock.json to allow using cached packages
COPY package*.json ./

# Install node dependencies
RUN npm install

# Copy source files to the working directory
COPY . .

#install onboardbase
RUN wget \
    sudo dpkg -i ./onboardbase-latest.deb \
    onboardbase --version

# Use ENV to setup the CLI
RUN onboardbase config:set --token $ONBOARDBASE_TOKEN

# Copy Setup from env
RUN echo $ONBOARDBASE_SETUP > ./.onboardbase.yml

# Run a build alias for 'onboardbase run -c="ts-node"'
RUN /usr/local/bin/npm build

# Define command for starting app process
CMD ["/usr/local/bin/npm", "start"]

Building the Image

To successfully build the image, we will use the --build-arg option of the Docker build command to pass environment variables to the Dockerfile. Below shows the full command passing the ONBOARDBASE_TOKEN and ONBOARDBASE_SETUP variables.

docker build \
    --tag "managed-docker-image" \
    --build-arg ONBOARDBASE_TOKEN="STRING" \
    --build-arg ONBOARDBASE_SETUP="STRING" \

Deploying to Kubernetes through Github Actions

We can deploy managed Onboardbase Docker image through GitHub Actions and Dockerhub to a Google Cloud Kubernetes cluster.

The below Github workflow file uses Github secrets to manage the sensitive build credentials, like the ONBOARDBASE_TOKEN and ONBOARDBASE_SETUP

It sets up Google Cloud SDK and authenticates it in the runner, we then build the Managed Dockerfile with the build command passing it the required environment variables and finally pushing the image to Docker hub.

# This is a workflow to deploy the api part of this project to docker

name: Managed App Build

      - "main"

  PROJECT_ID: ${{ secrets.GKE_PROJECT }}
  GKE_CLUSTER: '*******' # Add your cluster name here.
  GKE_ZONE: us-east1-c # Add your cluster zone here.
  DEPLOYMENT_NAME: '*******' # Add your deployment name here
  IMAGE: Managed-Onboard
  GKE_SA_KEY: ${{ secrets.GKE_SA_KEY }}
  GKE_PROJECT: ${{ secrets.GKE_PROJECT }}
  DOCKER_PWD: ${{ secrets.DOCKER_PWD }}

    name: Setup, Build, Publish, and Deploy
    runs-on: ubuntu-latest
      - name: Checkout
        uses: actions/checkout@v2

      # Setup gcloud CLI
      - uses: google-github-actions/[email protected]
          service_account_key: ${{ env.GKE_SA_KEY }}
          project_id: ${{ env.GKE_PROJECT }}

      # Configure docker to use the gcloud command-line tool as a credential helper
      - run: |-
          gcloud --quiet auth configure-docker

      # Get the GKE credentials so we can deploy to the cluster
      - uses: google-github-actions/[email protected]
          cluster_name: ${{ env.GKE_CLUSTER }}
          location: ${{ env.GKE_ZONE }}
          credentials: ${{ secrets.GKE_SA_KEY }}
      - name: Login to DockerHub
        uses: docker/login-action@v1
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PWD }}
      # Build the Docker image using the Dockefile
      - name: Build
        run: |-
          docker build \
            --tag "$IMAGE" \
            --build-arg ONBOARDBASE_TOKEN="${{ env.ONBOARDBASE_TOKEN }}" \
            --build-arg ONBOARDBASE_SETUP="${{ env.ONBOARDBASE_SETUP }}" \
            --build-arg GITHUB_REF="$GITHUB_REF" \

      # Push the Docker image to Docker Registry
      - name: Publish
        run: |-
          docker push "$IMAGE"