ContextQMD
Back to Dagger

Dockerfile Build

docs/current_docs/partials/cookbook/secrets/_dockerfile-build.mdx

0.20.71.6 KB
Original Source

Use secret in Dockerfile build

The following code listing demonstrates how to inject a secret into a Dockerfile build. The secret is automatically mounted in the build container at /run/secrets/SECRET-ID.

<Tabs groupId="language" queryString="sdk"> <TabItem value="go" label="Go">
go
</TabItem> <TabItem value="python" label="Python">
python
</TabItem> <TabItem value="typescript" label="TypeScript">
typescript
</TabItem> </Tabs>

The sample Dockerfile below demonstrates the process of mounting the secret using a secret filesystem mount type and using it in the Dockerfile build process:

shell
FROM alpine:3.17
RUN apk add curl
RUN --mount=type=secret,id=gh-secret \
    curl "https://api.github.com/repos/dagger/dagger/issues" \
        --header "Accept: application/vnd.github+json" \
        --header "Authorization: Bearer $(cat /run/secrets/gh-secret)"

Dockerfile build with mounted secret

Build from a Dockerfile with a mounted secret from the host environment:

<Tabs groupId="shell"> <TabItem value="System shell"> ```shell dagger -c 'build . env://GITHUB_API_TOKEN' ``` </TabItem> <TabItem value="Dagger Shell"> ```shell title="First type 'dagger' for interactive mode." build . env://GITHUB_API_TOKEN ``` </TabItem> <TabItem value="Dagger CLI"> ```shell dagger call build --source=. --secret=env://GITHUB_API_TOKEN ``` </TabItem> </Tabs>