Ability to pass/mount docker build secrets?

I’m evalutating qovery as a potential internal dev platform for my team and I think I’ve hit a bit of a roadblock. The Dockerfile for one of our applications mounts a docker build secret that is expected to be passed in with the --secret arg to docker build. See here: Build secrets | Docker Docs for an example of the type of thing we’re doing. I don’t see anywhere in the qovery UI where it’s possible to specify env vars that should be passed as secrets to the docker build.

I believe I’ve read that you are passing all variables as build-args to the docker build. The only workaround I can think of to have something that works is to have a separate Dockerfile just for qovery that reads the env vars I need as build args. This is suboptimal for a couple reasons. #1 I believe this is a less secure approach & #2 it forces me to duplicate my Dockerfile and maintain separate versions for qovery vs. non-qovery deployments.

I suppose another option would be to just not use qovery for image building and only for deployment triggered by new images being pushed to a container registry.

Any thoughts/suggestions on this topic would be greatly appreciated. Thanks.

Hi @Dave_White ,

Thanks for your question. I’ll let someone from my product and engineering team responding to this question. Cc @a_carrano @Julien_Dan

Hi @Dave_White,

as of now we don’t support passing variables as secrets, I have added the idea into our roadmap but I can’t provide you with an ETA yet.

The only solutions we can provide right now are the ones you suggested (with a preference for the already-built images.

Let me know if this is a blocker for you and if we can help in any ways

Alessandro