mirror of https://github.com/docker/cli.git
Clarify warning against using build-time variables for secrets
Signed-off-by: Dave Henderson <dhenderson@gmail.com>
This commit is contained in:
parent
46b571999d
commit
e8b87f53ec
|
@ -1292,8 +1292,9 @@ subsequent line 3. The `USER` at line 4 evaluates to `what_user` as `user` is
|
||||||
defined and the `what_user` value was passed on the command line. Prior to its definition by an
|
defined and the `what_user` value was passed on the command line. Prior to its definition by an
|
||||||
`ARG` instruction, any use of a variable results in an empty string.
|
`ARG` instruction, any use of a variable results in an empty string.
|
||||||
|
|
||||||
> **Note:** It is not recommended to use build-time variables for
|
> **Warning:** It is not recommended to use build-time variables for
|
||||||
> passing secrets like github keys, user credentials etc.
|
> passing secrets like github keys, user credentials etc. Build-time variable
|
||||||
|
> values are visible to any user of the image with the `docker history` command.
|
||||||
|
|
||||||
You can use an `ARG` or an `ENV` instruction to specify variables that are
|
You can use an `ARG` or an `ENV` instruction to specify variables that are
|
||||||
available to the `RUN` instruction. Environment variables defined using the
|
available to the `RUN` instruction. Environment variables defined using the
|
||||||
|
|
|
@ -376,8 +376,9 @@ A Dockerfile is similar to a Makefile.
|
||||||
defined and the `what_user` value was passed on the command line. Prior to its definition by an
|
defined and the `what_user` value was passed on the command line. Prior to its definition by an
|
||||||
`ARG` instruction, any use of a variable results in an empty string.
|
`ARG` instruction, any use of a variable results in an empty string.
|
||||||
|
|
||||||
> **Note:** It is not recommended to use build-time variables for
|
> **Warning:** It is not recommended to use build-time variables for
|
||||||
> passing secrets like github keys, user credentials etc.
|
> passing secrets like github keys, user credentials etc. Build-time variable
|
||||||
|
> values are visible to any user of the image with the `docker history` command.
|
||||||
|
|
||||||
You can use an `ARG` or an `ENV` instruction to specify variables that are
|
You can use an `ARG` or an `ENV` instruction to specify variables that are
|
||||||
available to the `RUN` instruction. Environment variables defined using the
|
available to the `RUN` instruction. Environment variables defined using the
|
||||||
|
|
Loading…
Reference in New Issue