Docker Secrets

Using the --secret flag allows you to mount secrets into your Docker container in a safe way where they won’t end up in the final image (official documentation ).


Let’s say we want to download a file that is protected using basic auth. Our Dockerfile would look like this:

RUN --mount=type=secret,id=auth \
    curl -O -u "$(cat /run/secrets/auth)"

When building the container we need to pass the --secret flag and provide a file, like this:

$ echo "foo:bar" > auth.txt
$ docker build --secret id=auth,src=auth.txt .
Edit this page on GitHub