You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
One thing that I found that works for passing secrets into builds was by using environment variables instead of files. This is a lot easier for me to use, as this will allow me to define an environment variable value on a CI step instead of having to write things out to file first.
However I cannot find any documentation that this is a supported feature. The only things I can find show that defining a build secret also defines a source file. Is this actually a supported feature, or was this an accidental bug? If it is a supported feature, I would think this should be documented somewhere at least. The best candidate I can think of would be the buildx build page perhaps.
Here's a contrived example of how I'm using it:
FROM debian:bullseye-slim
RUN --mount=type=secret,id=SECRET_TOKEN \
set -eu; \
export SECRET_TOKEN="$(cat /run/secrets/SECRET_TOKEN)"; \
echo ${SECRET_TOKEN:-"SECRET MISSING"};
One thing that I found that works for passing secrets into builds was by using environment variables instead of files. This is a lot easier for me to use, as this will allow me to define an environment variable value on a CI step instead of having to write things out to file first.
However I cannot find any documentation that this is a supported feature. The only things I can find show that defining a build secret also defines a source file. Is this actually a supported feature, or was this an accidental bug? If it is a supported feature, I would think this should be documented somewhere at least. The best candidate I can think of would be the buildx build page perhaps.
Here's a contrived example of how I'm using it:
SECRET_TOKEN=token docker buildx build \ -t secret-image \ --secret=id=SECRET_TOKEN \ --progress plain \ --no-cache \ .
Output:
The text was updated successfully, but these errors were encountered: