Ability to pass/mount docker build secrets?

I’m evalutating qovery as a potential internal dev platform for my team and I think I’ve hit a bit of a roadblock. The Dockerfile for one of our applications mounts a docker build secret that is expected to be passed in with the --secret arg to docker build. See here: Build secrets | Docker Docs for an example of the type of thing we’re doing. I don’t see anywhere in the qovery UI where it’s possible to specify env vars that should be passed as secrets to the docker build.

I believe I’ve read that you are passing all variables as build-args to the docker build. The only workaround I can think of to have something that works is to have a separate Dockerfile just for qovery that reads the env vars I need as build args. This is suboptimal for a couple reasons. #1 I believe this is a less secure approach & #2 it forces me to duplicate my Dockerfile and maintain separate versions for qovery vs. non-qovery deployments.

I suppose another option would be to just not use qovery for image building and only for deployment triggered by new images being pushed to a container registry.

Any thoughts/suggestions on this topic would be greatly appreciated. Thanks.

Hi @Dave_White ,

Thanks for your question. I’ll let someone from my product and engineering team responding to this question. Cc @a_carrano @Julien_Dan

Hi @Dave_White,

as of now we don’t support passing variables as secrets, I have added the idea into our roadmap but I can’t provide you with an ETA yet.

The only solutions we can provide right now are the ones you suggested (with a preference for the already-built images.

Let me know if this is a blocker for you and if we can help in any ways

Alessandro

Thanks for the reply, confirmation on alternative solutions and getting the idea added to your roadmap!

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.