I am experiencing a problem while attempting to pass a Personal Access Token (PAT) as a secret to Docker, utilizing the --secret flag in a devcontainer setup. I have configured the following lines in my devcontainer:
"initializeCommand": "DOCKER_BUILDKIT=1 SECRET_TOKEN=$AZURE_ARTIFACT_TOKEN docker build --secret id=SECRET_TOKEN ."
I have ensured that the $AZURE_ARTIFACT_TOKEN is present in my .bashrc file. Additionally, I have incorporated the secret in the Dockerfile as follows:
RUN --mount=type=secret,id=SECRET_TOKEN \
SECRET_TOKEN=$(cat /run/secrets/SECRET_TOKEN) &&\
echo $SECRET_TOKEN | az devops login --organization https://dev.azure.com/***** &&\
az artifacts universal download --organization "https://dev.azure.com/*****/" --feed "thirdparty" --name "****" --version "0.2.1" --path ~/perception
Occasionally, the image is created successfully, and the Visual Studio Code configuring step is completed. However, there are instances where the dev containers step fails with the following error message:
cat: /run/secrets/SECRET_TOKEN: No such file or directory
I attempted to resolve this issue by reinstalling Visual Studio Code, which temporarily fixed the problem. Unfortunately, the issue has resurfaced several times without any changes to the code.
I want to emphasize that the issue occurs only in the devcontainer. When I run the initial command in the terminal, the container runs properly.
What is the correct way to pass secrets to Docker using devcontainer? What am I doing wrong?
Thank you very much for your time
I found the solution to my issue:
I tried building via the terminal without buildx, and it succeeded. This led me to understand that the issue was with buildx.
When I ran docker buildx ls in the terminal, I saw that the buildx in use was the docker-container driver.
To fix the issue, I changed it to use the default buildx by running:
docker buildx use default
This resolved the problem.
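The check described in the answer, written as a reusable pre-build step (an added example, not code from the original post): it parses `docker buildx ls` output to find the selected builder and its driver, so the state the answer ran into can be caught before the devcontainer build starts. The function names, the sample listings and the assumed column layout are constructed for illustration.

```shell
#!/bin/sh
# Added example. Assumption: `docker buildx ls` marks the selected builder
# with "*" on a non-indented row, written either "name *" or "name*".

# Reads `docker buildx ls` output on stdin, prints "<builder> <driver>".
selected_builder() {
    awk '
        /^[[:space:]]/ { next }                 # node rows are indented
        $2 == "*"      { print $1, $3; found = 1; exit }
        $1 ~ /\*$/     { sub(/\*$/, "", $1); print $1, $2; found = 1; exit }
        END            { if (!found) exit 1 }
    '
}

# Returns 0 when the selected builder uses the "docker" driver (the state
# reached after `docker buildx use default`), 1 for any other driver,
# 2 when no selected builder is found in the listing.
uses_docker_driver() {
    sel=$(selected_builder) || { echo "no selected builder found" >&2; return 2; }
    driver=${sel#* }
    [ "$driver" = "docker" ] && return 0
    echo "builder '${sel% *}' uses driver '$driver'; run: docker buildx use default" >&2
    return 1
}

# Constructed sample listings (not captured from a real machine).
SAMPLE_CONTAINER='NAME/NODE     DRIVER/ENDPOINT              STATUS   BUILDKIT  PLATFORMS
mybuilder *   docker-container
  mybuilder0  unix:///var/run/docker.sock  running  v0.12.5   linux/amd64
default       docker
  default     default                      running  v0.11.6   linux/amd64'

SAMPLE_DEFAULT='NAME/NODE        DRIVER/ENDPOINT   STATUS    BUILDKIT   PLATFORMS
mybuilder        docker-container
 \_ mybuilder0    \_ unix:///var/run/docker.sock   running   v0.12.5   linux/amd64
default*         docker
 \_ default       \_ default       running   v0.11.6    linux/amd64'

# Demo on the constructed listing; prints "mybuilder docker-container".
printf '%s\n' "$SAMPLE_CONTAINER" | selected_builder

# Live use before the build from the question:
#   docker buildx ls | uses_docker_driver && \
#     DOCKER_BUILDKIT=1 docker build --secret id=SECRET_TOKEN .
```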