1

I need to pass some secrets to a docker file to build my Windows container image.

I learned how not do do it but not how to do it properly. For example, it's unsecure to pass the secret via BUILD-ARG because it can be leaked by an attacker by just viewing the image history. The preferred approach would be using a secret-type mount but seems to be not available for Windows Container.

My current approach is creating a secrets file and pass to the container but also this seems to be not so secure, even if I try to delete it with these steps:

COPY [secrets.txt, .]
RUN scriptWhereIUseMySecrets
RUN del secrets.txt

So, my question: does docker provide some mechanism for managing secrets when it comes to build a Windows container?

Improve this question
2
  • 1
    Did a quick search and found that Docker does support Windows for secrets, with some caveats: docs.docker.com/engine/swarm/secrets Commented Apr 23, 2024 at 22:14
  • Thank you @ViniciusApolinario. I also saw that page but tbh I skipped because it mentions swarm service and mine is just a container built with a dockerfile. I'll check in more detail if there are also info useful for my usecase and, if so, I'll update this post with the answer. Commented Apr 26, 2024 at 12:26

1 Answer 1

Reset to default
0

Use environment variables to pass parameters and secrets from the host the container.

In a cloud environment like App Service, when you define App Settings, those will travel as environment variables inside the container too. For secrets, you can actually go even further and enable KeyVault references, so the actual secret is secure inside the KeyVault and automatically retrieved when needed by App Service and passed into the container as environment variable:

For more information: https://learn.microsoft.com/en-us/azure/app-service/quickstart-custom-container

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.