Docker build secret

Test repo: GitHub - kaihendry/docker-build-secret

Hi there, I can’t figure out how to mount a secret and use that secret in the context of a build here:

docker buildx version
github.com/docker/buildx 0.10.3 79e156beb11f697f06ac67fa1fb958e4762c0fab
docker buildx build -t test --secret id=gitconfig,src=/tmp/docker-secret/SUPER-SECRET .
[+] Building 1.3s (6/6) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                                            0.0s
 => => transferring dockerfile: 137B                                                                                                                                                                            0.0s
 => [internal] load .dockerignore                                                                                                                                                                               0.0s
 => => transferring context: 2B                                                                                                                                                                                 0.0s
 => [internal] load metadata for docker.io/library/alpine:latest                                                                                                                                                0.9s
 => [stage-0 1/3] FROM docker.io/library/alpine@sha256:69665d02cb32192e52e07644d76bc6f25abeb5410edc1c7a81a10ba3f0efb90a                                                                                         0.0s
 => CACHED [stage-0 2/3] RUN --mount=type=secret,id=gitconfig,target=/root/.gitconfig                                                                                                                           0.0s
 => ERROR [stage-0 3/3] RUN cat /root/.gitconfig

What am I missing please?

Ah, I didn’t realise the mount is actually a switch and not an isolated step.

RUN --mount=type=secret,id=gitconfig,target=/root/.gitconfig cat /root/.gitconfig

Since every instruction runs a new container, the mounted content has to be used in the same instruction, as you figured out.
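
The mistake in this thread can be caught before building. The following is an added example, not code from the thread or the test repo: a small Dockerfile check that flags a `RUN` that mounts a secret but runs no command, and a `RUN` that reads a secret path without mounting it in the same instruction. The function names and the two sample Dockerfiles are constructed for illustration, and only shell-form `RUN` is handled.

```python
import re
# Constructed Dockerfile reproducing the failing layout from the thread.
BROKEN = """\
FROM alpine
RUN --mount=type=secret,id=gitconfig,target=/root/.gitconfig
RUN cat /root/.gitconfig
"""
# The corrected form: mount flag and command in one RUN instruction.
FIXED = """\
FROM alpine
RUN --mount=type=secret,id=gitconfig,target=/root/.gitconfig cat /root/.gitconfig
"""

def run_instructions(text):
    """Yield (line_no, flags, command) per RUN, joining backslash continuations."""
    lines, i = text.splitlines(), 0
    while i < len(lines):
        start, buf = i + 1, lines[i].strip()
        while buf.endswith("\\") and i + 1 < len(lines):
            i += 1
            buf = buf[:-1] + " " + lines[i].strip()
        i += 1
        m = re.match(r"(?i)RUN\s+(.*)", buf)
        if m:
            words = m.group(1).split()
            n = next((k for k, w in enumerate(words) if not w.startswith("--")), len(words))
            yield start, words[:n], " ".join(words[n:])

def secret_targets(flags):
    """Paths where this RUN's secret mounts appear (default /run/secrets/<id>)."""
    out = set()
    for f in flags:
        if f.startswith("--mount="):
            opts = dict(kv.split("=", 1) for kv in f[8:].split(",") if "=" in kv)
            if opts.get("type") == "secret":
                out.add(opts.get("target") or opts.get("dst") or "/run/secrets/" + opts.get("id", ""))
    return out

def lint(text):
    runs = list(run_instructions(text))
    known = set().union(*(secret_targets(f) for _, f, _ in runs))
    findings = []
    for line_no, flags, cmd in runs:
        mounted = secret_targets(flags)  # secrets visible to this RUN only
        if mounted and not cmd:
            findings.append((line_no, "secret mounted but no command uses it"))
        findings += [(line_no, f"{p} read without --mount in this RUN")
                     for p in sorted(known - mounted) if p in cmd]
    return findings
```

`lint(BROKEN)` reports lines 2 and 3 of the failing Dockerfile; `lint(FIXED)` returns an empty list.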