Fixing CLICKUP_API_KEY in docker-compose.yml using Environment Variables
TL;DR: I fixed an issue with the CLICKUP_API_KEY in the riviera-industrial-erp repository by modifying the docker-compose.yml file to use environment variables from a .env file. This change allows for more secure and flexible management of API keys.
The Problem
The problem was that the CLICKUP_API_KEY was hardcoded in the docker-compose.yml file. This is a security risk because sensitive information like API keys should not be committed to version control. The error message or symptom was not explicitly mentioned, but the commit message fix: CLICKUP_API_KEY en docker-compose.yml via ${} desde .env host suggests that the goal was to use environment variables to inject the API key.
What I Tried First
Before making the change, I likely tried to find a way to use environment variables in the docker-compose.yml file. I may have searched for documentation on how to use environment variables in Docker Compose. The first approach might have involved using a .env file, but I needed to confirm the correct syntax.
The Implementation
The implementation involved modifying the docker-compose.yml file to use environment variables from a .env file. Specifically, I added the following lines to the docker-compose.yml file:
services:
# ... other services ...
environment:
- DISABLE_RATE_LIMIT="true"
- CLICKUP_API_KEY=${CLICKUP_API_KEY}
And I also created a .env file in the host machine with the following content:
CLICKUP_API_KEY=your_api_key_here
The ${CLICKUP_API_KEY} syntax tells Docker Compose to look for an environment variable named CLICKUP_API_KEY in the host machine's environment. If it's not found, it will use the value from the .env file.
The diff for this change is:
@@ -32,6 +32,8 @@ services:
NEXTAUTH_SECRET: changeme-en-produccion
NEXTAUTH_URL: http://localhost:3200
STORAGE_DRIVER: local
+ DISABLE_RATE_LIMIT: "true"
+ CLICKUP_API_KEY: ${CLICKUP_API_KEY}
Key Takeaway
The key takeaway from this experience is that using environment variables in Docker Compose files can help improve security and flexibility. By storing sensitive information like API keys in a .env file, you can avoid committing them to version control and make it easier to manage different environments.
What's Next
The next step is to ensure that the .env file is properly secured and not committed to version control. This can be done by adding the .env file to the .gitignore file and using a secrets manager or environment variable management tool to store sensitive information.
vibecoding #buildinpublic #docker #docker-compose #environment-variables
Part of my Build in Public series — sharing the real process of building Building Riviera Industrial ERP from Playa del Carmen, México.
Repo: zaerohell/riviera-industrial-erp · 2026-07-05
#playadev #buildinpublic
Top comments (0)