Reputation: 123
Build-time secrets for Windows Docker images
In an unfortunate turn of events, I'm building a Windows Docker image. I need to use a secret during the build, but want to make sure it's securely out of the resulting image.
Because it's a a Windows Docker image, BuildKit is unavailable, which means there are no file mounts at build time and no docker build --secret. Build args are insecure because they would show up in docker history, and expiring the secret immediately after build isn't an option.
One thing I've considered is temporarily storing the secret on a web server somewhere, then curling it into an environment variable during the step where it's required. I guess that would work, but I'm hoping there's a less awkward solution.
Are there any better solutions to this problem?
Upvotes: 0
Views: 226
Answers (0)
Related Questions
- Docker cannot start on Windows
- How to copy Docker images from one host to another without using a repository
- Filename too long in Git for Windows
- How to force Docker for a clean build of an image
- How can I develop for iPhone using a Windows development machine?
- How to mount host volumes into docker containers in Dockerfile during build
- How to remove old and unused Docker images
- Where are Docker images stored on the host machine?