A Better Way to Access Private SSH Git Repositories While Building Your Docker Images

I have written about this topic before. If you don’t watch out, you can easily leak your SSH credentials into your Docker image, sometimes without even noticing. Handling build-time secrets got easier with BuildKit, and the same goes for SSH secrets.

However, there’s a special mechanism for passing SSH credentials into your Docker image build without leaving a trace, which is an even better fit than the new secret mount type.

A Better Way

With the new SSH mount type you can allow your Docker build to make use of your host’s SSH keys.

Here’s what it looks like:

RUN --mount=type=ssh ...

You add the new mount type to your RUN command, and the whole process is taken care of for you. You can read more about this feature here in the docs.
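A fuller Dockerfile built around that RUN line, as an added example that is not part of the original article. The repository URL, image tag, key path and base image are placeholders chosen for illustration.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. example-org/private-repo and the "myapp" tag are placeholders.
#
# Build on the host. The private key stays in ssh-agent; only the agent
# socket is forwarded to the build, and only to steps that ask for it:
#   eval "$(ssh-agent -s)" && ssh-add ~/.ssh/id_ed25519
#   DOCKER_BUILDKIT=1 docker build --ssh default -t myapp .
#
# Afterwards, inspect the layers to confirm no key material was baked in:
#   docker history --no-trunc myapp

FROM alpine:3.19 AS source
RUN apk add --no-cache git openssh-client

# The SSH client needs the Git host's public key before it will connect.
# ssh-keyscan accepts whatever key the network returns at build time; for
# stricter builds, COPY a known_hosts file whose fingerprints were verified
# out of band instead of running this line.
RUN mkdir -p -m 0700 ~/.ssh && ssh-keyscan github.com >> ~/.ssh/known_hosts

# The agent socket is mounted for this single step only. It is not written
# to the layer and is not available to any later instruction.
RUN --mount=type=ssh \
    git clone --depth 1 git@github.com:example-org/private-repo.git /src

# The final stage copies only the checked-out code, so the shipped image
# carries neither the git/ssh tooling nor the known_hosts file.
FROM alpine:3.19
COPY --from=source /src /app
```

A RUN step without `--mount=type=ssh` has no access to the agent, so each step that needs the keys has to request the mount explicitly.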

In Conclusion

If you have been passing SSH credentials into your Docker images insecurely, or had to use elaborate workflows or extra steps, you might benefit from switching to BuildKit and using the ssh mount type to give single image build steps access to your host’s SSH keys.

If you’re looking to pass non-secret data to your image build, check out this article. If you want to pass generic, non-SSH secrets to your image build process and leave behind no traces, there’s another BuildKit feature which could help you do that.


© 2024 vsupalov.com. All rights reserved.