Secrets file not accessible at build time

I have an app that’s using Docker which requires JSON credentials that I’ve stored in a secrets file. Per the documentation, I’ve set up a secret mount in the build process so that I can copy the credentials to the appropriate path. Unfortunately, I keep getting an error when copying the file:

–mount=type=secret,id=gcs_json,dst=/etc/secrets/gcs.json: No such file or directory

I’m sure there’s something I’ve overlooked so I’m hoping that a fresh set of eyes can help. Simplified Dockerfile for reference:

# syntax=docker/dockerfile:1.2
FROM python:3.11.9-bookworm as base
WORKDIR /rails
COPY . .
RUN mkdir -p config/secrets && \
    --mount=type=secret,id=gcs_json,dst=/etc/secrets/gcs.json \
    cp /etc/secrets/gcs.json config/secrets/gcs.json
RUN --mount=type=secret,id=gcs_json,dst=/etc/secrets/gcs.json

should be all that you need to get the file added to /etc/secrets/gcs.json. It’s not clear from your OP if the first output you show is doing exactly that.

Have you tried to see if that works - could you give it a try, drop into shell and see if the file is mounted?

I have tried that and confirmed that the file mounted. The issue is that I can’t access the file because my container is not running as root.

I was hoping that I could copy the file before switching users so that the file would accessible later but I get the above error. I know that the simple answer is to run the container as root but Homebrew complains and makes it difficult :neutral_face:

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.