nodeJSTypeScript template: use secrets to authenticate with private npm registry #217

escherstair · 2024-08-02T14:46:07Z

I open here this issue following this topic on Toradex community.
Quick summary:

I have private npm registry that requires authentication (secrets splitted into two .npmrc files:_ one in the project folder and the other one in the user home)
this secrets are necessary to build the docker container
the secrets shoud be used in a secure way (i.e., not leaving them in the docker layers)
templates use docker compose build ....
from Docker support

To make a secret available at build time using Docker Compose, you would typically use build arguments. However, as previously mentioned, this method is not secure for sensitive data, as the build arguments can be cached in the Docker layers.
Unfortunately, as of Docker Compose version 1.25.0+, the ability to use Docker secrets during the build process is not supported. The secrets are only available to the services at runtime, not at build time.

If you need to use secrets during the build process, you might need to consider other methods.

Has someone else this need?
Is it possible to find a workaround?

The text was updated successfully, but these errors were encountered:

microhobby added help wanted Extra attention is needed question Further information is requested labels Aug 24, 2024

Provide feedback