Conversation
mzihlmann
force-pushed
the
cg188-secret-mounts
branch
4 times, most recently
from
f74cef5 to
5bf48a1
Compare
mzihlmann
force-pushed
the
cg188-secret-mounts
branch
5 times, most recently
from
88c8a2e to
ba3fdd5
Compare
Collaborator
Author
|
I was having a think about how we expose the cli arg and I think docker is correct. We shouldnt push the anti-pattern of putting secrets onto the cli. As we're in k8s they anyways can only come in env variables or file, so the docker implementation is actually convenient. |
0hlov3
approved these changes
Nov 26, 2025
mzihlmann
force-pushed
the
cg188-secret-mounts
branch
from
ba3fdd5 to
98710e8
Compare
Collaborator
Author
|
let me do the docker style cli arg in a second part as it would only explode the contents of this PR |
mzihlmann
force-pushed
the
cg188-secret-mounts
branch
from
98710e8 to
83b0073
Compare
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Fixes https://github.com/chainguard-dev/kaniko/issues/188 GoogleContainerTools/kaniko#3028
Description
Adds support for secret mount syntax. Note that this does not store the secrets securely, any secrets passed to kaniko must be considered exposed.
Submitter Checklist
These are the criteria that every PR should meet, please check them off as you
review them:
See the contribution guide for more details.
Reviewer Notes
Release Notes
Describe any changes here so maintainer can include it in the release notes, or delete this block.