$ Linux One Liners
Back to lessons

Cybersecurity Triage

Inspect Container Environment Names

You need to know whether expected env vars are present, but dumping values may expose credentials.

Command

docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' api | sed 's/=.*$/=/'

What changed

Nothing changes. Docker reads container configuration and the shell redacts values in terminal output.

Danger

caution

When to use it

Use when checking whether config keys are present during auth, database, or API failures.

When not to use it

Do not rely on this for perfect secret handling in shell history, logs, or copied output from other commands.

Undo or recovery

No undo needed because this command is read-only.

Expected output

DATABASE_URL=

demo script

Disposable terminal steps

  1. docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' api | sed 's/=.*$/=/'
  2. docker inspect --format '{{json .Config.Labels}}' api
Terminal transcript Demo JSON

simulated output

What it looks like

disposable vessel 
::fixture-ready::
$ docker inspect --format '{{range .Config.Env}}{{println .}}{{end}}' api | sed 's/=.*$/=/'
APP_ENV=
DATABASE_URL=
REDIS_URL=
::exit-code::0
$ docker inspect --format '{{json .Config.Labels}}' api
{"com.example.service":"api","com.example.release":"2026-06-25"}
::exit-code::0

YouTube Short

Check env vars without leaking values.

Docker inspect can print secrets if you are careless. This version lists environment variable names and redacts values.

LinkedIn hook

Check what environment variables exist without printing their secret values.

Question: Have you seen secrets accidentally pasted from docker inspect output?

experiments

A/B tests to run

Metric: comment_rate

A: Docker inspect can leak secrets.

B: Check env vars without printing credentials.