ewerx
PRO
10 months ago
Started seeing these warnings in the build logs: "SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data" -- one for each environment variable setup in the Variables that has keywords like "KEY" in the variable name. Is there an alternative way to setup these environment vars?
0 Replies
10 months ago
hello, these warnings are only just warning, there is nothing wrong with passing in secrets via environment variables, and to answer your question, there's no other options anyway.
for transparency, these warnings have since been turned off as they are extremely misleading.