Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Adding secret to docker build, from environment variable rather than a file

Tags:

docker

environment-variables

docker-secrets

Assuming the latest Docker with BuildKit enabled, the documentation suggests that the --secret option has file and env types. I want to use the env type like this:

MYSECRET=thepassword
docker build --secret id=mysecret,env=MYSECRET -t myimage .

In the dockerfile, the secret would be accessed like:

RUN --mount=type=secret,id=mysecret \
    PASSWORD=$(cat /run/secrets/mysecret) && \
    <run command taking password arg> ${PASSWORD}

This approach fails with cat: /run/secrets/mysecret: No such file or directory

A similar issue was asked here but the extra steps writing the secrets into the .condarc file inside the docker image aren't important to me. According to that post, the basic operation of getting a local environment var passed into the docker build for the scope of a single RUN statement should "work", but it doesn't for me.

The build command above runs fine until it tries to access the file path that is supposed to be mapped to the secret. Trying temporarily to pass MYSECRET into the build as a --build-arg shows that the env var can be resolved.

The documentation suggests that --secret will even default to the "env" mode by supplying only the id:

MYSECRET=thepassword
docker build --secret id=MYSECRET -t myimage .

RUN --mount=type=secret,id=MYSECRET \
    PASSWORD=$(cat /run/secrets/MYSECRET) && \
    <run command taking password arg> ${PASSWORD}

When I try this, it actually throws an error sooner, before starting the build:

could not parse secrets: [id=MYSECRET]: failed to stat MYSECRET: stat MYSECRET: no such file or directory

leaving me to believe that it's still trying to use file mode, not env mode at all.

If I choose to store my secret in a file and load it using the file mode, that works. Because of some details about a build pipeline I would rather use the env mode if I can.

Has anyone run into this problem?

I'm building Linux docker images on a Mac M1 running Docker Desktop 4.17.0 with Docker engine 20.10.23

like image 703
ryayl Avatar asked Dec 31 '25 19:12

ryayl

1 Answers

Here's a post that helped me solve this.

Essentially, when running build you pass --secret argument.

export MY_SECRET=foo
docker build --secret id=my_secret_id,env=MY_SECRET -t my_image .

then from Dockerfile you can access it by mounting it like so:

RUN --mount=type=secret,id=my_secret_id \
 export MY_SECRET=$(cat /run/secrets/my_secret_id) && \
 echo $MY_SECRET # would output "foo".
like image 183
Tom Avatar answered Jan 03 '26 23:01

Tom

Sign in to Comment

Related questions

how to run docker on apple silicon (m1)
Create a Linux-based Docker file for .NET Framework project
Env variable in Dockerfile
How can I make phpmyadmin last longer without timeout with Docker
User and database are not initialised though environment variables while deploying postgres in kubernetes
Cannot load and use synonym.txt file on ElasticSearch
Python how to recieve SIGINT in Docker to stop service?
Bind to multiple ip addresses in a single docker container
Kubernetes Pod stuck in CrashLoopBackOff
issues in accessing docker environment variables in systemd service files
Calibre web error FileNotFoundError: [Errno 2] No such file or directory: 'xdg-icon-resource' in Docker
Job failed: failed to pull image "node:latest" with specified policies [always]: no matching manifest for windows/amd64 10.0.17763
loading docker image fails
Should I install airflow inside a Docker or inside a virtual enviromment?
Docker devcontainer with oh-my-zsh and Powerlevel10k

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!