Reputation: 816
I need to pass some secrets to a Dockerfile to build my Windows container image.
I learned how not to do it, but not how to do it properly. For example, it's insecure to pass the secret via BUILD-ARG because it can be leaked by an attacker by just viewing the image history. The preferred approach would be using a secret-type mount, but it seems not to be available for Windows containers.
My current approach is creating a secrets file and passing it to the container, but this also seems not to be very secure, even if I try to delete it with these steps:
```dockerfile
COPY ["secrets.txt", "."]
RUN scriptWhereIUseMySecrets
RUN del secrets.txt
```
So, my question: does Docker provide some mechanism for managing secrets when it comes to building a Windows container?
Upvotes: 1
Views: 362
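The two patterns the question describes, as a small Dockerfile check (an added example, not code from the question or the answer): it flags a secret-looking `ARG` and a secrets file that is copied in and then deleted by a later `RUN`, since each instruction commits its own layer. The sample Dockerfile, its base image tag, the `ARG` name and the rule names are constructed for illustration.

```python
import json
import re

# Constructed sample mirroring the two patterns described in the question;
# the base image tag and the ARG name are assumptions.
SAMPLE = '''\
FROM mcr.microsoft.com/windows/servercore:ltsc2022
ARG API_TOKEN
COPY ["secrets.txt", "."]
RUN scriptWhereIUseMySecrets
RUN del secrets.txt
'''

SECRET_HINT = re.compile(r"secret|token|passw|api_?key|credential", re.I)
DELETE_CMD = re.compile(r"\b(del|erase|rm|Remove-Item)\b", re.I)

def copy_sources(rest):
    """Return the source paths of a COPY/ADD written in JSON or shell form."""
    body = " ".join(a for a in rest.split() if not a.startswith("--"))
    if body.startswith("["):
        try:
            return json.loads(body)[:-1]
        except ValueError:
            pass  # malformed JSON form: fall back to whitespace split
    return body.split()[:-1]

def lint(dockerfile):
    """Return (line_no, rule) for secrets that survive in layers or history."""
    findings, copied = [], {}
    for no, raw in enumerate(dockerfile.splitlines(), 1):
        instr, _, rest = raw.strip().partition(" ")
        instr = instr.upper()
        if instr == "ARG" and SECRET_HINT.search(rest):
            findings.append((no, "build-arg-in-history"))
        elif instr in ("COPY", "ADD"):
            for src in copy_sources(rest):
                if SECRET_HINT.search(src):
                    copied[src.replace("\\", "/").split("/")[-1]] = no
                    findings.append((no, "secret-file-in-layer"))
        elif instr == "RUN" and DELETE_CMD.search(rest):
            # Each instruction commits its own layer, so a later delete only
            # hides the file; the COPY layer still contains it.
            for name, copy_line in copied.items():
                if name in rest:
                    findings.append((no, f"delete-after-copy:{copy_line}"))
    return findings

if __name__ == "__main__":
    for line_no, rule in lint(SAMPLE):
        print(f"line {line_no}: {rule}")
```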
Reputation: 464
Use environment variables to pass parameters and secrets from the host to the container.
In a cloud environment like App Service, when you define App Settings, those will travel as environment variables inside the container too. For secrets, you can actually go even further and enable KeyVault references, so the actual secret is secure inside the KeyVault and automatically retrieved when needed by App Service and passed into the container as an environment variable.
For more information: https://learn.microsoft.com/en-us/azure/app-service/quickstart-custom-container
Upvotes: 0