You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Let's use RUN --mount=type=secret when building the job image, to access user's secret build vars without baking them into the image.
Currently, build env vars are passed via regular environment variables, which leaves a trace of a secret in the docker layers history (anyone having access to the image could read the secret build vars).
Build env vars are particularly useful when the job needs to download a third-party library from a private git repository.
The text was updated successfully, but these errors were encountered:
Let's use RUN --mount=type=secret when building the job image, to access user's secret build vars without baking them into the image.
Currently, build env vars are passed via regular environment variables, which leaves a trace of a secret in the docker layers history (anyone having access to the image could read the secret build vars).
Build env vars are particularly useful when the job needs to download a third-party library from a private git repository.
The text was updated successfully, but these errors were encountered: