Skip to content

Sensitive data should not be used in the ARG or ENV commands: Dockerfile #21

New issue
New issue
Open
Open
Sensitive data should not be used in the ARG or ENV commands: Dockerfile#21
@LeonStoldt

Description

@LeonStoldt
LeonStoldt
opened on Aug 11, 2024

Build Check references the following issue:

Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L31
SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "ACCESS_TOKEN_SALT") More info:
https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Solution:
Use docker build secrets instead: https://docs.docker.com/build/building/secrets/

Todo:

  • JWT_SECRET
  • REDIS_PW
  • POSTGRES_PW
  • ACCESS_TOKEN_SALT

Activity

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions