I am using the Heroku Review Apps feature with Heroku Docker deploys, which is currently working well (each new review app runs a Docker build, and runs the container as expected).
I now have a need to install a private npm module, which means I need a secure npm token available during build time.
I have seen that it is possible to supply these as config parameters inside a heroku.yml file, however that seems to require the secret to be commited to the repository which is not a good option.
Is there a way to use a secret during the build process?
https://devcenter.heroku.com/articles/build-docker-images-heroku-yml#setting-build-time-environment-variables
I have attempted to use Heroku Enviornment variables but they are not available at build time. I have confirmed that this is correctly available on the review app
heroku.yml
build:
docker:
web: Dockerfile
app.json
{
"name": "redacted",
"scripts": { },
"stack": "container",
"addons": [ ],
"buildpacks": [ ],
"env": {
"NPM_TOKEN": {
"required": true
}
},
"formation": {
"web": {
"quantity": 1
}
}
}
No. This is unfortunately not something currently provided by Heroku.
You cannot set secure build-time config vars for docker builds.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With