I’m building Docker images via a build script, all local (docker.chandlerfamily.org.uk is a repository on a local Synology NAS).
node scripts/buildlibs.js
node scripts/builddockerenv.js home
docker buildx build --push -f Dockerfile-client -t docker.chandlerfamily.org.uk/client .
docker buildx build --push -f Dockerfile-server -t docker.chandlerfamily.org.uk/server .
docker buildx build --push -f Dockerfile-timer -t docker.chandlerfamily.org.uk/timer .
docker buildx build --push -f Dockerfile-mail --secret id=pfcred,src=pfcred/relay_password -t docker.chandlerfamily.org.uk/mail .
The key issue is the secret passed to docker.chandlerfamily.org.uk/mail.
Inside Dockerfile-mail I do the following:
FROM alpine:latest AS relay-builder
RUN --mount=type=cache,target=/var/cache/apk apk add postfix
WORKDIR /etc/postfix
RUN --mount=type=secret,id=pfcred,target=/etc/postfix/relay_password,required postmap relay_password
And further down the same file, after another “FROM”, I do:
COPY --from=relay-builder /etc/postfix/relay_password.lmdb .
I bring the resultant image up via docker compose up -d and then enter the container:
docker exec -it pasmail sh
I’ve also installed lmdb-tools inside the container and can therefore dump relay_password.lmdb out as ASCII text.
It shows a version of the original relay_password from several iterations ago, in particular with the wrong password.
I assume that either the secret is getting cached somewhere or the result is being cached. How do I stop it doing this?
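
Added example, not part of the original post: Docker's build cache documentation states that the contents of build secrets are not part of the cache key, while a changed build argument does invalidate later steps. The sketch below rotates a random token whenever the secret file changes; `PFCRED_REV`, `secret_rev`, `build_mail` and the state-file path are assumed names, and `sha256sum` is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original post). A changed pfcred/relay_password
# alone does not re-run the cached postmap step; a changed build argument does.

# secret_rev SECRET_FILE STATE_FILE
# Prints a revision token that changes only when SECRET_FILE's contents change.
# The token is random, so nothing derived from the password reaches the build.
# STATE_FILE keeps "<sha256> <token>" locally; protect it like the secret.
secret_rev() {
    secret=$1 state=$2
    old_digest='' old_token=''
    [ -r "$secret" ] || { echo "cannot read $secret" >&2; return 1; }
    digest=$(sha256sum "$secret" | cut -d' ' -f1)
    if [ -r "$state" ]; then
        read -r old_digest old_token < "$state" || true
        if [ "$old_digest" = "$digest" ] && [ -n "$old_token" ]; then
            printf '%s\n' "$old_token"   # secret unchanged: keep the cache
            return 0
        fi
    fi
    # Secret is new or changed: mint a fresh token and remember the pairing.
    token=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    ( umask 077; printf '%s %s\n' "$digest" "$token" > "$state" )
    printf '%s\n' "$token"
}

# build_mail: hypothetical wrapper around the post's mail build line.
# Dockerfile-mail must declare
#   ARG PFCRED_REV
# in the relay-builder stage and reference "$PFCRED_REV" in the RUN that
# mounts the secret, so a new token invalidates that step's cache entry.
build_mail() {
    rev=$(secret_rev pfcred/relay_password pfcred/.relay_password.rev) || return 1
    docker buildx build --push -f Dockerfile-mail \
        --secret id=pfcred,src=pfcred/relay_password \
        --build-arg "PFCRED_REV=$rev" \
        -t docker.chandlerfamily.org.uk/mail .
}
```

For a one-off rebuild, `docker buildx build --no-cache-filter relay-builder` skips the cache for that stage without any Dockerfile change.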