From 8bebb50566358c5601acfbc13d38917b6d73b97d Mon Sep 17 00:00:00 2001
From: Shubham-Patel07
Date: Tue, 31 Dec 2024 00:26:03 +0530
Subject: [PATCH] Fix: Made changes in the docker file such that the secret is injected in container properly
---
 Dockerfile | 4 ++--
 Dockerfile_webdesktop | 6 ++++--
 Dockerfile_webdesktopk8s | 6 ++++--
 3 files changed, 10 insertions(+), 6 deletions(-)
diff --git a/Dockerfile b/Dockerfile
index 6973e45cb..bc851f4e7 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -23,8 +23,8 @@ RUN mkdir -p /app
 # Use a separate RUN command for --mount
 RUN --mount=type=secret,id=mysecret \
- cat /run/secrets/mysecret > /app/secret.txt
-
+ export SECRET_VALUE=$(cat /run/secrets/mysecret) && \
+ echo $SECRET_VALUE >> /app/secret.txt
 RUN adduser -u 2000 -D wrongsecrets
 USER wrongsecrets
diff --git a/Dockerfile_webdesktop b/Dockerfile_webdesktop
index 1bf54c443..130c764c7 100644
--- a/Dockerfile_webdesktop
+++ b/Dockerfile_webdesktop
@@ -31,9 +31,11 @@ RUN \
 # Add secret handling for Kubernetes-specific Docker builds
 # Create the /app directory to store the secret
 RUN mkdir -p /app
-# The secret will be written to a file for the challenge
+
+# Use a separate RUN command for --mount
 RUN --mount=type=secret,id=mysecret \
- cat /run/secrets/mysecret > /var/tmp/wrongsecrets/secret.txt
+ export SECRET_VALUE=$(cat /run/secrets/mysecret) && \
+ echo $SECRET_VALUE >> /app/secret.txt
 WORKDIR /config/Desktop
diff --git a/Dockerfile_webdesktopk8s b/Dockerfile_webdesktopk8s
index f44623918..87dd2567b 100644
--- a/Dockerfile_webdesktopk8s
+++ b/Dockerfile_webdesktopk8s
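Review bot: In the new `RUN --mount` step of the Dockerfile hunk, `export SECRET_VALUE=$(cat /run/secrets/mysecret)` returns the exit status of `export`, not of `cat`, so a build run without the `mysecret` secret no longer fails as the removed `cat … > /app/secret.txt` did and instead writes an empty line to `/app/secret.txt`. The unquoted `echo $SECRET_VALUE` also word-splits and glob-expands the value, and `>>` appends where the old line overwrote. I would drop the `export` and quote the value: `SECRET_VALUE="$(cat /run/secrets/mysecret)" && \` followed by `printf '%s\n' "$SECRET_VALUE" > /app/secret.txt`, and consider `required=true` on the mount so a missing secret stops the build. The same two lines are added in the Dockerfile_webdesktop and Dockerfile_webdesktopk8s hunks.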
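Review bot: The Dockerfile_webdesktop hunk moves the output file from `/var/tmp/wrongsecrets/secret.txt` to `/app/secret.txt`, which the commit message does not mention; the Dockerfile_webdesktopk8s hunk does the same. Whatever reads the file at run time is outside this patch, so please confirm it looks in `/app`, or keep the old path. The comment this hunk removes said what the file is for, while its replacement only restates the instruction; I would keep the purpose, e.g. `# The secret is written to /app/secret.txt for the challenge`.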
@@ -36,9 +36,11 @@ RUN \
 # Add a secret using --mount and write it to a specific file path for the challenge
 # Create the /app directory to store the secret
 RUN mkdir -p /app
-# This demonstrates how secrets can be mishandled during Docker builds
+
+# Use a separate RUN command for --mount
 RUN --mount=type=secret,id=mysecret \
- cat /run/secrets/mysecret > /var/tmp/wrongsecrets/secret.txt
+ export SECRET_VALUE=$(cat /run/secrets/mysecret) && \
+ echo $SECRET_VALUE >> /app/secret.txt
 WORKDIR /config/Desktop
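Review bot: This hunk deletes `# This demonstrates how secrets can be mishandled during Docker builds`, the one line that told a reader the step is deliberately insecure. Copying a BuildKit secret mount into a file leaves the value in the image layer, where anyone who can pull the image can read it, so without the comment the step reads like a recommended pattern. I would keep the original comment above the `RUN --mount` line and drop `# Use a separate RUN command for --mount`, which says nothing about intent.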