I want to build a general-purpose container that executes operations with a GitHub token. I don't want to use the token when building the image (as it would obviously take my personal token), but when other people are executing the container and they pass their own token.
Neither ARG nor ENV seems to be the way to do it, as I get this warning:
1 warning found (use docker --debug to expand):
- SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data
What is the correct way to do it?
You can mount secrets in /run/secrets:
FROM ubuntu
CMD cat /run/secrets/my_secret
$ echo "SUPER_SECRET_VALUE" > file.txt
$ docker build -t foo .
$ docker run --rm -it -v "$(pwd)/file.txt:/run/secrets/my_secret" foo
SUPER_SECRET_VALUE
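The same run-time mount applied to the GitHub token case from the question, as an added example that is not part of the original answer: an entrypoint script that reads the mounted file, rejects a missing or empty secret, and hands the token only to the command it launches. The script name, the secret name `github_token`, and the `SECRET_FILE`, `read_token` and `run_with_token` names are assumptions made for illustration.

```shell
#!/bin/sh
# entrypoint.sh (hypothetical name) - added example, not the answer's code.
# Run as: docker run --rm -v "$PWD/token.txt:/run/secrets/github_token:ro" IMAGE CMD
# The token value stays out of the image layers, ARG/ENV and the container config.

# Path where the caller bind-mounts their own token file (assumed name).
SECRET_FILE="${SECRET_FILE:-/run/secrets/github_token}"

# read_token FILE: print the token on stdout; return non-zero with a message
# on stderr if the file is missing, unreadable or empty.
read_token() {
    file="$1"
    if [ ! -f "$file" ]; then
        echo "error: no secret mounted at $file" >&2
        return 1
    fi
    if [ ! -r "$file" ]; then
        echo "error: $file is not readable by uid $(id -u)" >&2
        return 1
    fi
    # Strip CR/LF so a token written with `echo` or on Windows still works.
    token=$(tr -d '\r\n' < "$file")
    if [ -z "$token" ]; then
        echo "error: $file is empty" >&2
        return 1
    fi
    printf '%s' "$token"
}

# run_with_token CMD...: run CMD with GITHUB_TOKEN set for that process only.
run_with_token() {
    token=$(read_token "$SECRET_FILE") || return 1
    GITHUB_TOKEN="$token" "$@"
}

# When installed as the image ENTRYPOINT, wrap the container command.
# Guarded by script name so the functions can also be sourced on their own.
if [ "${0##*/}" = "entrypoint.sh" ]; then
    run_with_token "$@"
fi
```
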