GuideJuly 14, 20266 min read

Syncing Dev Configs into Docker Containers

Stop fighting with bare-bones containers. Get your full development environment inside Docker with encrypted configs, proper Git setup, and shell customizations.

The Container Config Problem

You spin up a Docker container for development and immediately hit a wall. No Git configuration. No shell aliases. No SSH keys. The container is a blank slate, and you are stuck running git config --global user.name for the hundredth time.

Most developers reach for volume mounts as a quick fix. But volume mounts have serious limitations: they expose plaintext secrets, break when paths differ between host and container, and do not work across different host operating systems.

The Volume Mount Approach (and Its Limits)

The simplest approach is mounting config files directly into the container:

docker run with volume mounts
docker run -it \ -v ~/.gitconfig:/root/.gitconfig \ -v ~/.ssh:/root/.ssh:ro \ -v ~/.zshrc:/root/.zshrc \ my-dev-image

This works for simple cases but falls apart quickly. Your SSH keys are mounted as plaintext. If the container runs as a different user, permissions break. And you need to remember which files to mount every time.

ApproachEncryptionCross-PlatformMaintenance
Volume mountsNoneFragileManual per container
COPY in DockerfileNone (baked in image)WorksRebuild on change
ConfigSync pullAES-128 encryptedAutomaticZero maintenance

Better: Install ConfigSync in Your Container

Instead of mounting files, install ConfigSync inside the container and pull your configs at runtime. This keeps secrets encrypted until they are needed and works identically regardless of the host OS.

Dockerfile
FROM node:20-bookworm # Install ConfigSync RUN npm install -g @inventivehq/configsync # Your app setup WORKDIR /app COPY . . RUN npm install

Then pull your configs when the container starts, using a token passed as an environment variable:

Entrypoint script
#!/bin/bash # Pull dev configs if token is available if [ -n "$CS_TOKEN" ]; then configsync setup --token "$CS_TOKEN" configsync pull --filter modules:git,modules:ssh,modules:zsh fi # Start your application exec "$@"
Security note: Pass your ConfigSync token as a runtime environment variable, never bake it into the image. Use Docker secrets or environment files for production setups.

Docker Compose Integration

For multi-container development setups, add ConfigSync to your entrypoint in Docker Compose. Every service that needs dev configs gets them automatically:

docker-compose.yml
services: app: build: . environment: - CS_TOKEN=${CS_TOKEN} entrypoint: ["/bin/bash", "-c", "configsync setup --token $CS_TOKEN && configsync pull && npm start"] worker: build: . environment: - CS_TOKEN=${CS_TOKEN} entrypoint: ["/bin/bash", "-c", "configsync setup --token $CS_TOKEN && configsync pull --filter modules:git && npm run worker"]

The --filter flag lets each service pull only the configs it needs. Your app container gets everything; the worker only needs Git configuration.

The Docker Module

ConfigSync includes a dedicated Docker module that syncs your Docker configuration itself. The ~/.docker/config.json file contains registry authentication tokens, and the Docker module encrypts these before syncing.

Sync Docker registry credentials
# Scan detects Docker automatically configsync scan # Or add manually configsync add module docker # Push encrypted Docker config configsync push

This means when you pull on a new machine or inside a container, your private registry access is already configured. No more docker login on every new environment.

Putting It All Together

The ideal container development workflow with ConfigSync looks like this: build your image once with ConfigSync installed, pass your token at runtime, and pull only the modules each container needs. Your Git identity, SSH keys, shell config, and registry credentials all arrive encrypted and are decrypted only inside the running container.

No more volume mount spaghetti. No more plaintext secrets in Docker commands. Just one tool that gives every container your full development environment.

Ready to try ConfigSync?

Sync your entire dev environment across machines in minutes. Free forever for up to 3 devices.

Get StartedRead the Docs