cicd
build_error
ai_generated
true
ERROR: failed to solve: failed to read secret 'my_secret': file not found or not a valid secret
ID: cicd/dockerfile-buildkit-secret-not-found
90%Fix Rate
86%Confidence
1Evidence
2024-02-28First Seen
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Docker 24.0.7 | active | — | — | — |
| Docker BuildKit 0.12.3 | active | — | — | — |
Root Cause
Docker BuildKit could not locate the secret file specified via `--secret` flag because the path is incorrect, the file does not exist, or the secret is not properly mounted in the build context.
generic中文
Docker BuildKit 无法找到通过 `--secret` 标志指定的密钥文件,因为路径不正确、文件不存在或密钥未正确挂载到构建上下文中。
Official Documentation
https://docs.docker.com/build/buildkit/secret-build-args/Workarounds
-
95% success Ensure the secret file exists at the specified path before building: `echo "my-secret-value" > /tmp/my_secret && docker build --secret id=my_secret,src=/tmp/my_secret -t myimage .`
Ensure the secret file exists at the specified path before building: `echo "my-secret-value" > /tmp/my_secret && docker build --secret id=my_secret,src=/tmp/my_secret -t myimage .`
-
85% success Use environment variables instead of files for secrets in CI: `DOCKER_BUILDKIT=1 docker build --secret id=my_secret,env=MY_SECRET_ENV -t myimage .` and set `MY_SECRET_ENV` in the CI environment.
Use environment variables instead of files for secrets in CI: `DOCKER_BUILDKIT=1 docker build --secret id=my_secret,env=MY_SECRET_ENV -t myimage .` and set `MY_SECRET_ENV` in the CI environment.
中文步骤
Ensure the secret file exists at the specified path before building: `echo "my-secret-value" > /tmp/my_secret && docker build --secret id=my_secret,src=/tmp/my_secret -t myimage .`
Use environment variables instead of files for secrets in CI: `DOCKER_BUILDKIT=1 docker build --secret id=my_secret,env=MY_SECRET_ENV -t myimage .` and set `MY_SECRET_ENV` in the CI environment.
Dead Ends
Common approaches that don't work:
-
90% fail
Copying a secret into the image defeats the purpose of BuildKit secrets, which are meant to avoid embedding secrets in layers; also, the file must be available at build time, not in the Dockerfile.
-
75% fail
If the source path is incorrect, BuildKit cannot resolve it; the secret must be an absolute path or relative to the build context root.