Ability to use Docker Build Secrets
in progress
Y
Yellow green Deer
Ability to use Docker build secrets. Add the option to specify secrets against the built in Build and Push mechanisms.
Log In
This post was marked as
in progress
N
Nofar Bluestein
this fiscal quarter
E
Elderberry Sawfish
This is something we have a need for as well.
Is there been any timeframe from the Harness team on when this will be implemented? (I see it was marked as "Long-Term" 4 months ago, has there been any movement here?)
Y
Yellow green Deer
We've been using docker in docker as a workaround. However this past week this has started to creak at the seams as the image has grown and is now failing. Really need a way to handle secrets properly in the built in steps.
Pranav Rastogi
long-term
Pranav Rastogi
pending feedback
Y
Yellow green Deer
We want the ability to be able to use this functionality against the built in Docker Build and Push steps (e.g. Build and Push to ECR) so we can define secrets in an appropriate way i.e. not as env or build args that stay within the built Docker image potentially leaking the secrets.
This mechanism allows secrets to be used as part of the Docker build but without actually keeping them within the created image, which is good security practice.
For now to work around this we need to use docker in docker and run for example the below command
docker build -t ${DEV_REPOSITORY}/${CONTAINER_IMAGE_NAME}:${TAG} --secret id=AWS_ACCESS_KEY_ID --secret id=AWS_SECRET_ACCESS_KEY --secret id=AWS_REGION --build-arg HARNESS_BASE_IMAGE_TAG=${HARNESS_BASE_IMAGE_TAG} .
Pranav Rastogi
under review
Pranav Rastogi
Hi Paul, Thank you for submitting this request. Can you please describe your scenario and a mock pipeline to illustrate your use-case?