Dockerfile reference advises against using build-time variables for secrets but offers no alternative

[underyx]

The ARG section says the following:

Warning: It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. Build-time variable values are visible to any user of the image with the docker history command.

This, however, is not very helpful. The warning should mention what to use instead when you need secrets during build time.

[justincormack]

The plan is to add #28079 at some point I believe, so that the currently swarm runtime only secrets are also available at build time. cc @ehazlett

In terms of what to do right now, yes some more docs would be good.

[ehazlett]

@underyx as justin said, we hope to improve the build options. I have rebased and opened a PR for build (GH wouldn't let me re-open the original) and would love your feedback -- #30637

[thaJeztah]

I think the question is answered, and the discussion currently takes place on #30637, so let me close this issue to prevent the discussion from diverging, but thanks for reporting (and, yes, I agree build-time secrets are badly needed 😇 #13490)