Ananya krishna

Reputation: 156

How to mount secret file in docker image build & use variable from secret file in Dockerfile to authenticate a command?

Can someone please provide an example of the following command:

DOCKER_BUILDKIT=1 docker build --secret:id=mysecret,src=/local/secret ...

I don't know how to access the variables from secret file after mounting.

For example: I want to set Proxy using the secret passed and run an install command

Upvotes: 5

Views: 11984

Answers (3)

Davi Areias

Reputation: 152

I spent a lot of time trying to find an easy way to set this up.

This is the easiest way that I found if you want to use an .env file.

Env

Considering you have an .env file like this

SECRET=123
OTHER_SECRET=1234

Docker Cli

You can pass all the variables inside .env using this command

docker build --secret id=my_env,src=.env . 

Dockerfile

Then, to use the variables in your Dockerfile, all you need to do is

# syntax=docker/dockerfile:1
FROM alpine:latest
WORKDIR /app
RUN --mount=type=secret,id=my_env source /run/secrets/my_env; \
    echo "$SECRET" >> /app/secrets.txt; \
    echo "$OTHER_SECRET" >> /app/secrets.txt;

CMD ["cat","secrets.txt"]

When you run this container, it should print your secrets.

Make sure to add the # syntax=docker/dockerfile:1 line at the start, otherwise it won't work.

Upvotes: 1

H.E.

Reputation: 1

You can use Docker's secret management feature to mount a secret file in a Docker image build and use a variable from the secret file in the Dockerfile to authenticate a command. Here are the steps to achieve this:

  1. Create a secret file containing the variable you need to authenticate the command:
echo "mysecretvalue" | docker secret create my_secret_name -
  2. Update your Dockerfile to use the secret:
FROM your_base_image

# Copy the secret file 
COPY --from=0 /run/secrets/my_secret_name /my_secret_file

# Use the secret value in a command
RUN my_command --auth $$(cat /my_secret_file)

Note that the --from=0 option copies the secret file from the build context where the secret was added.

  3. Build the Docker image with the secret:
docker build --secret my_secret_name .

This will build the Docker image with the secret file mounted and use the secret value in the command my_command using the --auth flag.

Upvotes: -2

devatherock

Reputation: 4911

Your secret would be mounted as /run/secrets/mysecret which can be accessed using the cat command. The RUN command might look something like below:

RUN --mount=type=secret,id=mysecret \
    cat /run/secrets/mysecret

A more complete example below:

  • Dockerfile:
FROM node:16

WORKDIR /app

RUN --mount=type=secret,id=USERNAME \
    cat /run/secrets/USERNAME > /app/username.txt
  • A Docker image can be built from this file with the --secret flag, using the command below:
DOCKER_BUILDKIT=1 docker build --secret id=USERNAME,src=username.txt -t node:16-secret .
  • Now the built Docker image contains the contents of the username.txt secret, which was passed at build time, as the file /app/username.txt. That can be verified using the command below:
docker run --rm -it node:16-secret cat username.txt

You can refer to this answer for an example of using the mounted secret in a curl command.

Upvotes: 8
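
For the case in the question (set a proxy from the secret, then run an install command), the Dockerfile below loads the mounted file into the environment of a single RUN step and writes nothing from it into the image, whereas the demos above copy the secret into a file under /app to display it. This is an added example, not code from the question or any of the answers; the secret id proxy_env, the file proxy.env, the proxy host and the apk install step are assumptions.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Build with (proxy.env is an assumed local file, kept out of
# the build context and out of version control):
#   DOCKER_BUILDKIT=1 docker build --secret id=proxy_env,src=proxy.env -t myapp .
#
# Constructed contents of proxy.env (placeholder host and credentials):
#   http_proxy='http://user:pass@proxy.example.internal:3128'
#   https_proxy='http://user:pass@proxy.example.internal:3128'
FROM alpine:latest
WORKDIR /app

# The secret is visible at /run/secrets/proxy_env only while this RUN executes.
# required=true fails the build if --secret id=proxy_env was not supplied,
# instead of silently installing without the proxy.
# set -a exports every variable the file defines, so the install command
# inherits them; set +a turns that off again before anything else runs.
RUN --mount=type=secret,id=proxy_env,required=true \
    set -eu; \
    set -a; . /run/secrets/proxy_env; set +a; \
    apk add --no-cache curl

# No ENV or ARG carries the proxy settings, and no file was written from the
# secret, so the values are not part of any layer or of the image config.
CMD ["curl", "--version"]
```

After building, `docker history --no-trunc myapp` shows the text of the RUN command but not the values read from the secret file.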
