Currently, you can pass file-based secrets to docker build via --secret and RUN --mount. However, often our secrets are actually environment variables, such as a username and password. We can work around this limitation by writing the environment variable to some file, passing that file as a secret, mounting it in the RUN step, and then reading the file into an environment variable. However, this is very awkward.
I think it would be better if these environment variables could be passed in directly as secrets. Something like this:
docker build --secret-env USERNAME --secret-env PASSWORD
RUN --env=USERNAME --env=PASSWORD ...
(These flag names are just for demonstration purposes. I am open to whatever names you think would make the most sense.)
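For reference, the file-based workaround described in the post looks roughly like this. This is an added example, not part of the original post or of Docker's own code; the secret ids, the image tag `env-secret-demo`, the helper function names and the check inside the RUN step are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example of the file-based workaround; not from the original post.
# Secret ids, the image tag and the RUN check are hypothetical.

# Copy one environment variable (named by $1) into a private temp file
# and print the file's path. mktemp creates the file with mode 0600.
stage_secret() {
    name=$1
    eval "value=\${$name-}"
    [ -n "$value" ] || { echo "stage_secret: $name is not set" >&2; return 1; }
    path=$(mktemp) || return 1
    printf '%s' "$value" > "$path"
    printf '%s\n' "$path"
}

# Write a Dockerfile that mounts both secrets for a single RUN step and
# reads them back into variables scoped to that one command, so the values
# never land in an ENV/ARG instruction or an image layer.
write_dockerfile() {
    cat > "$1" <<'EOF'
# syntax=docker/dockerfile:1
FROM alpine
RUN --mount=type=secret,id=username \
    --mount=type=secret,id=password \
    USERNAME="$(cat /run/secrets/username)" \
    PASSWORD="$(cat /run/secrets/password)" \
    sh -c 'test -n "$USERNAME" && test -n "$PASSWORD"'
EOF
}

# Stage both variables, build context $1, then delete the staged files.
build_with_env_secrets() {
    user_file=$(stage_secret USERNAME) || return 1
    pass_file=$(stage_secret PASSWORD) || { rm -f "$user_file"; return 1; }
    dockerfile=$(mktemp) && write_dockerfile "$dockerfile"
    DOCKER_BUILDKIT=1 docker build -f "$dockerfile" \
        --secret id=username,src="$user_file" \
        --secret id=password,src="$pass_file" \
        -t env-secret-demo "$1"
    rc=$?
    rm -f "$user_file" "$pass_file" "$dockerfile"
    return "$rc"
}

# Run the build only when asked: sh build.sh build [context-dir]
if [ "${1-}" = "build" ]; then
    build_with_env_secrets "${2:-.}"
fi
```

The secret values exist on disk only between staging and the end of the build, in files readable by the invoking user alone.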