dockerenvironmentdocker-secrets

Pass arguments to docker build, but NOT via cli


Is it possible to pass docker build build-arg arguments not as CLI parameters, but as environment variables for example?

I need to pass some sensitive information inside the build container, and if I do it using --build-arg it is getting exposed to other users of the system.

Is there a way to pass it in some other fashion? (I know that I can do it using docker-compose, but I don't have docker-compose in that case)


Solution

  • It is only possible via --build-args.

    Sensitive information should not be passed as build args anyway, because as described in the docs

    It is not recommended to use build-time variables for passing secrets like github keys, user credentials etc. Build-time variable values are visible to any user of the image with the docker history command.

    Use --secret instead to pass sensitive info (reference).