How do you properly use an SSH key in a Dockerfile? There are many ways to do it, including many ways to do it wrong.

What you want to prevent is that your SSH key ends up in one of your intermediate images or layers. These are the layers that Docker creates with pretty much every command in your Dockerfile. You may think that you properly clean up your secrets later in the Dockerfile, but the secret will then still be available in one of these layers. This is especially problematic when you build your Docker images in a (SaaS) CI/CD tool that supports caching. As the cache is uploaded to the system of your provider, it may very well happen that your secret ends up in plain text on their servers. If you want to learn more about these layers, be sure to check out this great post that explains much more.

How then do you properly use secrets in your Dockerfile? In this blog post, we'll look into a common use case: downloading private git repositories through an npm install. We'll dive into two different methods to tackle this in a way that does not expose our secrets in our Docker layers. In this post I'll use a private repository on GitHub as an example. Any other git provider will, however, also work with this approach.
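An added illustration of the layer behaviour described above, not code from the original post: three layers are constructed in memory to mirror a `COPY id_rsa`, `RUN npm install`, `RUN rm` sequence, with made-up file paths, package name and key contents. It shows that the key is gone from the final filesystem yet still readable from the first layer, which is what a build cache stores and uploads.

```python
import io
import tarfile

# Constructed sample data: a fake key body, not a real credential.
FAKE_KEY = (b"-----BEGIN OPENSSH PRIVATE KEY-----\nCONSTRUCTED-SAMPLE\n"
            b"-----END OPENSSH PRIVATE KEY-----\n")


def make_layer(files):
    """Build one image layer as an in-memory tar archive from {path: bytes}."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, data in files.items():
            info = tarfile.TarInfo(name=path)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def read_layer(layer):
    """Return {path: bytes} for every regular file in a layer tarball."""
    with tarfile.open(fileobj=io.BytesIO(layer)) as tar:
        return {m.name: tar.extractfile(m).read() for m in tar if m.isfile()}


def merged_view(layers):
    """Apply layers in order; a '.wh.<name>' whiteout entry deletes <name>."""
    fs = {}
    for layer in layers:
        for path, data in read_layer(layer).items():
            parent, _, name = path.rpartition("/")
            if name.startswith(".wh."):
                fs.pop(f"{parent}/{name[4:]}" if parent else name[4:], None)
            else:
                fs[path] = data
    return fs


def layers_with_private_key(layers):
    """Return (layer index, path) for each file holding a private key block."""
    return [(i, p) for i, layer in enumerate(layers)
            for p, d in read_layer(layer).items() if b"PRIVATE KEY-----" in d]


# One layer per Dockerfile step (constructed sample, hypothetical paths).
LAYERS = [
    make_layer({"root/.ssh/id_rsa": FAKE_KEY}),           # COPY id_rsa ...
    make_layer({"app/node_modules/private-pkg/index.js": b"module.exports = {};\n"}),  # RUN npm install
    make_layer({"root/.ssh/.wh.id_rsa": b""}),            # RUN rm ... (whiteout only)
]

if __name__ == "__main__":
    print("key in final filesystem:", "root/.ssh/id_rsa" in merged_view(LAYERS))
    print("key still stored in:", layers_with_private_key(LAYERS))
```

The same per-layer scan can be pointed at the layer tarballs inside a `docker save` archive to audit an image that has already been built.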