How to properly handle secrets inside Dockerfile?

a month ago

Hello all, following the Railway documentation I've configured my project to build from the following Dockerfile:

ARG DOCKER_TAG=latest
FROM rob93c/stickerify:$DOCKER_TAG
ARG STICKERIFY_TOKEN
ARG LOG_LEVEL
ARG CONCURRENT_PROCESSES
ENV STICKERIFY_TOKEN=$STICKERIFY_TOKEN \
    LOG_LEVEL=$LOG_LEVEL \
    CONCURRENT_PROCESSES=$CONCURRENT_PROCESSES

But this results in a warning issued by Docker:

SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ARG "STICKERIFY_TOKEN") (line 3)(https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/)

details: Sensitive data should not be used in the ARG or ENV commands

Given the documentation doesn't mention how to handle secrets inside Dockerfile, I was wondering what's the best practice on Railway.

1 Replies

a month ago

ARG is the only way, we don't support secret mounts for Dockerfiles yet.


Welcome!

Sign in to your Railway account to join the conversation.

Loading...