# Error: parse failed: failed to read secret 'my_secret': file not found or not a valid secret

- **ID:** `cicd/dockerfile-buildkit-secret-not-found`
- **Domain:** cicd
- **Category:** build_error
- **Verification level:** ai_generated
- **Fix rate:** 90%

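## Root cause

Docker BuildKit cannot find the secret file specified with the `--secret` flag because the path is incorrect, the file does not exist, or the secret is not correctly mounted into the build context.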

## Version compatibility

| Version | Status | Introduced | Deprecated |
|------|------|------|------|
| Docker 24.0.7 | active | — | — |
| Docker BuildKit 0.12.3 | active | — | — |

## Solutions

1. Ensure the secret file exists at the specified path before building:
   ```
   echo "my-secret-value" > /tmp/my_secret && docker build --secret id=my_secret,src=/tmp/my_secret -t myimage .
   ```
2. Use environment variables instead of files for secrets in CI:
   ```
   DOCKER_BUILDKIT=1 docker build --secret id=my_secret,env=MY_SECRET_ENV -t myimage .
   ```
   Set `MY_SECRET_ENV` in the CI environment.
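
A pre-flight check for the two `--secret` forms shown above, so a CI job fails with a precise message before `docker build` runs. This is an added example, not part of the original entry; `check_build_secret` is a hypothetical helper name, and it covers only the `src=` and `env=` forms.

```shell
#!/bin/sh
# Added example: validates a --secret spec (id=...,src=... or id=...,env=...)
# before docker build is called. check_build_secret is a hypothetical helper.
check_build_secret() {
    rest=$1 id='' src='' env_name=''
    # Split the comma-separated key=value spec without touching IFS or globbing.
    while [ -n "$rest" ]; do
        kv=${rest%%,*}
        case $rest in *,*) rest=${rest#*,} ;; *) rest='' ;; esac
        case $kv in
            id=*)  id=${kv#id=} ;;
            src=*) src=${kv#src=} ;;
            env=*) env_name=${kv#env=} ;;
        esac
    done
    if [ -z "$id" ]; then
        echo "secret spec has no id= field" >&2; return 1
    fi
    if [ -n "$src" ]; then
        # Relative paths are tested from the current directory, so run this
        # from the directory where docker build is invoked.
        if [ ! -f "$src" ] || [ ! -r "$src" ]; then
            echo "secret '$id': '$src' is missing or unreadable" >&2; return 1
        fi
        if [ ! -s "$src" ]; then
            # Treated as a failure here: an empty secret is almost always a CI bug.
            echo "secret '$id': '$src' is empty" >&2; return 1
        fi
        return 0
    fi
    if [ -n "$env_name" ]; then
        # Validate the name before eval so the spec cannot inject shell code.
        case $env_name in
            [!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "secret '$id': invalid variable name" >&2; return 1 ;;
        esac
        eval "val=\${$env_name:-}"
        if [ -z "$val" ]; then
            echo "secret '$id': \$$env_name is unset or empty" >&2; return 1
        fi
        val=''   # the value itself is never printed or kept
        return 0
    fi
    echo "secret '$id': only src= and env= forms are checked here" >&2; return 1
}
```

In a pipeline, call it with the same spec string that is passed to `--secret` and stop the job on a non-zero exit status.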

## Failed attempts

- Copying a secret into the image defeats the purpose of BuildKit secrets, which are meant to avoid embedding secrets in layers; also, the file must be available at build time, not in the Dockerfile. (90% failure rate)
- If the source path is incorrect, BuildKit cannot resolve it; the secret must be an absolute path or relative to the build context root. (75% failure rate)
