If you are stuck on the same problem, accessing secrets in the Dockerfile while the image is being built, this article may help. I will show you how to access GitHub secrets in the Dockerfile when building the image.
First of all, you need to create a repository on GitHub. Feel free to fork the repository under the link "github-secrets" or create your own. This repository is a Next.js application. You don't need to understand the code, as we only go through how to pass secrets to the Dockerfile. Furthermore, I will deploy it to Docker Hub. In this example, I won't show how to create an account on Docker Hub.
Create secrets in the github repository
Go to the repository settings, then Secrets, then New repository secret, add the secret name and value, and click Add secret. In this example, I will create a secret named
Passing secrets through github actions
Now we can pass the secrets to the dockerfile. In the .github/workflows directory, create a file named main.yml and add the following code.
secrets: "NEXT_PUBLIC_MY_SECRET=${{ secrets.NEXT_PUBLIC_MY_SECRET }}"

This is how it looks in the file:
name: Deploy to Docker Hub
on:
  push:
    branches: ["master"]
  workflow_dispatch:
permissions:
  contents: read
  pages: write
  id-token: write
concurrency:
  group: "pages"
  cancel-in-progress: false
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ secrets.DOCKER_HUB_USERNAME }}/sanskytech:latest
          secrets: "NEXT_PUBLIC_MY_SECRET=${{ secrets.NEXT_PUBLIC_MY_SECRET }}"

Access the secrets in the Dockerfile
After passing the secret to the GitHub Actions file, we can access it in the Dockerfile. BuildKit only exposes a secret to a RUN instruction that mounts it, so the RUN needs a --mount=type=secret with the same id as in the workflow; the file then appears at /run/secrets/<id> for the duration of that instruction. Add the following code to the Dockerfile.
RUN --mount=type=secret,id=NEXT_PUBLIC_MY_SECRET \
    sed -i "s~NEXT_PUBLIC_MY_SECRET=~NEXT_PUBLIC_MY_SECRET=$(cat /run/secrets/NEXT_PUBLIC_MY_SECRET)~" .env.production

It should look like this in the Dockerfile:
FROM node:20-alpine AS build
RUN apk add --no-cache libc6-compat
WORKDIR /app
COPY ./package*.json /app/
RUN npm install -g npm@latest
RUN npm ci
COPY . .

# The secret is only mounted for this instruction; it is not written into the image layer.
RUN --mount=type=secret,id=NEXT_PUBLIC_MY_SECRET \
    sed -i "s~NEXT_PUBLIC_MY_SECRET=~NEXT_PUBLIC_MY_SECRET=$(cat /run/secrets/NEXT_PUBLIC_MY_SECRET)~" .env.production

RUN npm run build

FROM node:20-alpine
RUN apk update && apk upgrade && apk add dumb-init && adduser -D nextuser
WORKDIR /app

# Copy the build output from the first stage, not from the build context.
COPY --from=build /app/public ./public
COPY --from=build /app/.next/standalone ./
COPY --from=build /app/.next/static ./.next/static

USER nextuser
EXPOSE 3020
ENV HOST=0.0.0.0 PORT=3020 NODE_ENV=production
CMD ["dumb-init","node","server.js"]

The Dockerfile is from the link "docker file" for dockerizing the Next.js application; we only added the lines that access the secret. In addition, we have a file named .env.production, which contains the environment variables. We want to replace the value of NEXT_PUBLIC_MY_SECRET in .env.production with the secret value. It contains the following line.
NEXT_PUBLIC_MY_SECRET=

After building the image, the value of NEXT_PUBLIC_MY_SECRET is replaced with the secret value and can be accessed in the container. Next.js inlines NEXT_PUBLIC_* variables into the browser bundle at build time, so the value has to be present before npm run build runs, and anything exposed this way is visible to every visitor of the page. We use it to show the secret value on the main page. It is only for testing purposes.
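As an added example (not from the article or its repository), here is a POSIX shell stand-in for the sed one-liner above: it writes the mounted secret into the env file without running the value through a sed pattern, where characters such as ~, & and \ would be interpreted, and it fails instead of silently writing an empty value when the secret file is not mounted (with "$(cat /run/secrets/...)" a missing mount only prints an error and the sed still succeeds). File paths and the variable name are parameters, and the demo uses a constructed secret and env file so it runs offline.

```shell
#!/bin/sh
# Added example: safer replacement for the sed-based secret injection.
set -eu

# inject_secret <secret_file> <env_file> <var_name>
# Rewrites the "<var_name>=" line of <env_file> with the contents of
# <secret_file>, copying every other line unchanged. Returns non-zero when
# the secret file is missing so a Docker RUN step fails loudly.
inject_secret() {
  secret_file=$1; env_file=$2; var=$3
  [ -r "$secret_file" ] || { echo "secret $secret_file not mounted" >&2; return 1; }
  value=$(cat "$secret_file")
  tmp="$env_file.tmp"
  # printf '%s' writes the value verbatim: no delimiter, & or \ handling.
  while IFS= read -r line || [ -n "$line" ]; do
    case $line in
      "$var="*) printf '%s=%s\n' "$var" "$value" ;;
      *)        printf '%s\n' "$line" ;;
    esac
  done < "$env_file" > "$tmp"
  mv "$tmp" "$env_file"
}

# read_var <env_file> <var_name>: prints the value stored for <var_name>.
read_var() {
  sed -n "s/^$2=//p" "$1"
}

# Constructed demo input: a secret containing characters that would break
# the "s~...~...~" sed form, and an env file with a second line to preserve.
demo() {
  dir=$(mktemp -d)
  printf '%s' 'a~b&c\d/e' > "$dir/NEXT_PUBLIC_MY_SECRET"
  printf 'NEXT_PUBLIC_MY_SECRET=\nOTHER=keep\n' > "$dir/.env.production"
  inject_secret "$dir/NEXT_PUBLIC_MY_SECRET" "$dir/.env.production" NEXT_PUBLIC_MY_SECRET
  read_var "$dir/.env.production" NEXT_PUBLIC_MY_SECRET
  read_var "$dir/.env.production" OTHER
}
```

Inside the Dockerfile this would be called from the same RUN --mount=type=secret instruction, with /run/secrets/NEXT_PUBLIC_MY_SECRET and .env.production as the two paths.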
Summary
To sum up, we have created a secret in the GitHub repository, passed it to the Dockerfile through the GitHub Actions workflow, and accessed it in the Dockerfile. We have replaced the value of NEXT_PUBLIC_MY_SECRET in the .env.production file with the secret value, so after building the image it can be accessed in the container. I hope you enjoyed this article. If you have any questions, feel free to ask. 🫡