Add an example of accessing the secrets file without root permissions

pull/560/head
Emanuel Fernandes 2022-02-13 20:10:52 +00:00 committed by GitHub
parent fe02965b48
commit d60df21dda
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 17 additions and 0 deletions

View File

@ -13,6 +13,23 @@ RUN --mount=type=secret,id=github_token \
cat /run/secrets/github_token cat /run/secrets/github_token
``` ```
If you need access to the `secrets` file from a non-root user, you'll need to set the `uid` in the `--mount` argument:
```Dockerfile
#syntax=docker/dockerfile:1.2
FROM alpine
# Create non-root user
RUN addgroup -S newuser && adduser -u 1001 -S -g newuser newuser
# Run everything after as non-privileged user.
USER newuser
RUN --mount=type=secret,uid=1001,id=github_token \
cat /run/secrets/github_token
```
As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
the [`secrets` input](../../README.md#inputs): the [`secrets` input](../../README.md#inputs):