How/Where to save credentials to use from Dockerfile

772 views Asked by At

I have a Dockerfile with the following content

FROM eclipse-temurin:17-alpine
RUN apk update && apk add --no-cache curl gcompat


ENV REPO_USERNAME=username
ENV REPO_PASSWORD=password

# Create a directory for Puppeteer
RUN mkdir -p /puppeteer

RUN curl --user "$REPO_USERNAME:$REPO_PASSWORD" -o reqLoader-linux http://10.81.9.1/tools/puppeteer-v13/reqLoader-linux
RUN mv reqLoader-linux /puppeteer/reqLoader-linux

It works fine, as you see I use there username and password, I want to save those credentials in a secure place and be able to access them from this script.

I am running this Dockerfile using .sh script in git bash(win 11) This image will be created on the linux env in production and I want simple/minimal solution to achive this

I tryied to run docker secret create my_secret ./credentials and in the credentials.json I have

{
    "username" : "username",
    "password" : "password"
}

In this case, I get

Error response from daemon: This node is not a swarm manager. Use "docker swarm init" or "docker swarm join" to connect this node to swarm and try again.

should I init swarm and go that way? another possible solution I am reading now is compose file

the solution that I imagine should be an encrypted file in which stored the credentials and only docker can see it when running Dockerfile

1

There are 1 answers

0
Black Bear On BEST ANSWER

I was able to solve the problem by doing the following steps

  1. I created .netrc in the same level that my Dockerfile is
  2. I added the following content in the .netrc file machine 10.81.9.1 login testusername password testpassword!
  3. I modified the .sh file to run the Dockerfile using this script DOCKER_BUILDKIT=1 docker build --secret id=netrc,src=./.netrc -t $IMAGE:$TAG . instead of the old docker build . -t $IMAGE:$TAG
  4. modified the Dockerfile by adding in the first line # syntax = docker/dockerfile:1.0-experimental and then to download file using this command RUN --mount=type=secret,id=netrc curl --netrc-file /run/secrets/netrc --output reqLoaderLinux http://10.81.9.1/tools/puppeteer-v13/reqLoader-linux

useful sources solution , about .netrc file