Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Access secrets from a Dockerfile #4289

Closed
Tracked by #4366
marcosnils opened this issue Jan 3, 2023 · 2 comments · Fixed by #4971
Closed
Tracked by #4366

Access secrets from a Dockerfile #4289

marcosnils opened this issue Jan 3, 2023 · 2 comments · Fixed by #4971
Labels
kind/dx Issue affects the Dagger developer experience: cue syntax, APIs, etc kind/security kind/user-request PM label used by product management to help track priorities

Comments

@marcosnils
Copy link
Contributor

marcosnils commented Jan 3, 2023
edited

Following up the conversation from this thread: https://discord.com/channels/707636530424053791/1059587293247193320 there's current no straightforward way to send secrets to a build step without making some changes to the Dockerfile.

The current way to achieve this is by leveraging build_args and modifying the Dockerfile as follows:

FROM alpine

ARG SECRET

RUN --mount=type=secret,id=$SECRET,target=/secrets/muysecret \
cat /secrets/muysecret

A possible alternative is to modify the current build step and allow sending secrets:[SecretID!] so Dockerfiles can continue to work without any changes.

type Directory {
   build(context: DirectoryID!, dockerfile: String, build_args: [BuildArg!], secrets:[SecretID!])
}

cc @jlongtine
@marcosnils marcosnils added the kind/dx Issue affects the Dagger developer experience: cue syntax, APIs, etc label Jan 3, 2023
@samalba samalba mentioned this issue Jan 11, 2023
Closed
@shykes
Copy link
Contributor

shykes commented Jan 19, 2023

Is this the same thing as #2550 @sipsma ?

@sipsma
Copy link
Contributor

sipsma commented Jan 19, 2023

Is this the same thing

Yes but I'll close my older pre 0.3 one since this one has a proposal in terms of the new API

@sipsma sipsma mentioned this issue Jan 19, 2023
Closed
@shykes shykes changed the title Improve secrets DX for Dockerbuild Access secrets from a Dockerfile Jan 20, 2023
@d3rp3tt3 d3rp3tt3 added PM label used by product management to help track priorities kind/security labels Mar 6, 2023
@dolanor dolanor linked a pull request Apr 18, 2023 that will close this issue
feat: pass secrets to Container.Build and Directory.Build #4971
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/dx Issue affects the Dagger developer experience: cue syntax, APIs, etc kind/security kind/user-request PM label used by product management to help track priorities
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

feat: pass secrets to Container.Build and Directory.Build dolanor/dagger
5 participants
@shykes @marcosnils @d3rp3tt3 @sipsma @mircubed