Hacker News
by creztoe 2076 days ago
Do not pass sensitive data to docker build via --build-arg. When you access this with "ARG" you will log the information in the docker history, visible to all. Use "--secret" or use the ARG in an intermediate build stage which doesn't have its history preserved, then copy any necessary files from the intermediate image to your final image manually.

A perfect example of this would be passing your NPM_TOKEN to install company scope packages.
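
The two alternatives named in the comment above, applied to the NPM_TOKEN case, as an added example that is not part of the original comment. The image tag, file paths, stage names and the secret id `npm_token` are assumptions, as is a committed `.npmrc` that holds only the `${NPM_TOKEN}` placeholder.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. Image tag, paths, stage names and secret id are assumptions.
# The repo's .npmrc is assumed to contain only the placeholder line
#   //registry.npmjs.org/:_authToken=${NPM_TOKEN}
# which npm expands from the environment at install time.

# Option A: BuildKit secret mount.
#   docker build --secret id=npm_token,env=NPM_TOKEN --target app -t app .
FROM node:20-slim AS deps-secret
WORKDIR /app
COPY package.json package-lock.json .npmrc ./
# The token is readable at /run/secrets/npm_token during this RUN only.
# It is not written to a layer and does not appear in `docker history`.
RUN --mount=type=secret,id=npm_token \
    NPM_TOKEN="$(cat /run/secrets/npm_token)" npm ci --omit=dev

FROM node:20-slim AS app
WORKDIR /app
# Only the installed packages cross into the final image.
COPY --from=deps-secret /app/node_modules ./node_modules
COPY src ./src
CMD ["node", "src/index.js"]

# Option B: ARG confined to an intermediate stage.
#   docker build --build-arg NPM_TOKEN=... --target app-from-arg -t app .
FROM node:20-slim AS deps-arg
WORKDIR /app
ARG NPM_TOKEN
COPY package.json package-lock.json .npmrc ./
# The token IS recorded in this stage's history and in the local build
# cache, so this stage must never be tagged or pushed on its own.
RUN npm ci --omit=dev

FROM node:20-slim AS app-from-arg
WORKDIR /app
# No ARG is declared in this stage, so its history carries no token.
COPY --from=deps-arg /app/node_modules ./node_modules
COPY src ./src
CMD ["node", "src/index.js"]

# Check the result of either build before pushing:
#   docker history --no-trunc app
# No line of the output should contain NPM_TOKEN=<value>.
```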