build-time secrets with envbuilder
I am interested in using build-time secrets with envbuilder+coder, but I see no convenient option to do so. I'm hoping I can arrive at a solution ITT and, if less than ideal, perhaps work on a PR to envbuilder to allow for a better one.
Objective: I need to be able to mount secrets to install most of the image contents (i.e. run commands in my Dockerfile with --mount=type=secret,id=secret) but see no way to accomplish this with envbuilder. One option I have, if I am understanding the process correctly, is to pull the secret and store it in /kaniko prior to build-time so that it's available for use when the kaniko executor in envbuilder runs, but I don't see any space to do this in envbuilder. I'm guessing I would have to build my own envbuilder image potentially and bake these secrets in it as the only possible solution given the envbuilder config options as they are. Do I have this correct? Is there another workaround I might be missing?