SecretsUsedInArgOrEnv
Started seeing these warnings in the build logs: "SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data" -- one for each environment variable setup in the Variables that has keywords like "KEY" in the variable name. Is there an alternative way to setup these environment vars?
Solution:Jump to solution
hello, these warnings are only just warning, there is nothing wrong with passing in secrets via environment variables, and to answer your question, there's no other options anyway.
for transparency, these warnings have since been turned off as they are extremely misleading....
3 Replies
Project ID:
57b677a5-3ab2-46ff-a4d3-d825953cabb957b677a5-3ab2-46ff-a4d3-d825953cabb9
Solution
hello, these warnings are only just warning, there is nothing wrong with passing in secrets via environment variables, and to answer your question, there's no other options anyway.
for transparency, these warnings have since been turned off as they are extremely misleading.