undefined | Better HN

0 pointsdjstein9y ago0 comments

>What we use: Create a one time use secret that is destroyed after the image is built and before it is pushed.

This approach has sparked my interest, could you post an example of any open source docker-compose file and/or associated scripts that would do this?

0 comments

lojack9y ago

I did actually encounter this solution while researching the problem, didn't love it, but you can check out the solution at: https://github.com/docker/docker/issues/13490#issuecomment-1...

As long as you add the file and remove it in the same command it doesn't get committed as an extra layer, so the container won't have any history of the secrets. You'll run into problems if you do multiple RUN's or an ADD and then RUN.

j / k navigate · click thread line to collapse

0 pointsdjstein9y ago0 comments

>What we use: Create a one time use secret that is destroyed after the image is built and before it is pushed.

This approach has sparked my interest, could you post an example of any open source docker-compose file and/or associated scripts that would do this?

0 comments

lojack9y ago

I did actually encounter this solution while researching the problem, didn't love it, but you can check out the solution at: https://github.com/docker/docker/issues/13490#issuecomment-1...

j / k navigate · click thread line to collapse