What precisely does --ssh do inside a docker-build?

I’m going round in circles trying to get buildkit to actually forward my SSH agent. I’ve tried various things with environment variable DOCKER_BUILDKIT=1 and:

  • --ssh default
  • --ssh $SSH_AUTH_SOCK
  • --ssh /tmp/ssh-kMLMKuJKBj/agent.3964170

And nothing seems to work. What’s curious is that when I run experimental commands inside the Dockerfile there’s no evidence of the agent actually being forwarded.

SSH_AUTH_SOCK is not set inside the build environment and /tmp is empty.

I’ve tried this on various installs of docker both on mac and ubuntu. Mostly version 19.03.6 API version 1.4.

What am I missing here?

Okay this could be a little better documented on the docker-build page. Anyway if anyone else trips up on this, you need to explicitly use the agent in your docker file for this to work.

Instead of this:

RUN ssh ...

do this

RUN --mount=type=ssh ssh ...
1 Like