docker
build_error
ai_generated
true
failed to solve: failed to resolve secret: secret 'npm_token' not found
ID: docker/secret-not-found-in-build
Fix Rate: 90%
Confidence: 88%
Evidence: 1
First Seen: 2023-07-22
Version Compatibility
| Version | Status | Introduced | Deprecated | Notes |
|---|---|---|---|---|
| Docker 24.0.6 | active | — | — | — |
| BuildKit 0.12.2 | active | — | — | — |
| Docker Compose v2.21.0 | active | — | — | — |
| Node.js 20.0.0 | active | — | — | — |
Root Cause
A Docker BuildKit secret referenced in the Dockerfile via --mount=type=secret is not provided to the build command, or the secret ID passed to the build does not match the ID in the Dockerfile.
Official Documentation
https://docs.docker.com/build/building/secrets/
Workarounds
- 90% success: Pass the secret during build: 'DOCKER_BUILDKIT=1 docker build --secret id=npm_token,src=./npm_token.txt -t myapp .'
- 85% success: Use docker compose with a secrets section in docker-compose.yml: define the secret under 'secrets:' and reference it in the build block with 'secrets: [npm_token]'.
- 95% success: Verify the secret ID in the Dockerfile matches exactly: check '--mount=type=secret,id=npm_token' and ensure the build command uses '--secret id=npm_token'.
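The ID check from the last workaround can be automated before the build runs. The following is an added example, not code from Docker or from this entry's source: it extracts secret IDs from a Dockerfile and from a 'docker build' command line and reports the IDs that the Dockerfile mounts but the command never supplies. The function names and sample inputs are constructed for illustration, and mounts without an explicit id are skipped.

```python
import re
import shlex

def _opts(spec):
    """Parse a comma-separated key=value option string into a dict."""
    return dict(kv.split("=", 1) for kv in spec.split(",") if "=" in kv)

def dockerfile_secret_ids(dockerfile_text):
    """IDs of every --mount=type=secret,id=... found in the Dockerfile text."""
    ids = set()
    for match in re.finditer(r"--mount=(\S+)", dockerfile_text):
        opts = _opts(match.group(1))
        # Mounts without an explicit id are skipped (simplification in this example).
        if opts.get("type") == "secret" and "id" in opts:
            ids.add(opts["id"])
    return ids

def build_secret_ids(build_command):
    """IDs passed as '--secret id=...' or '--secret=id=...' on the build command."""
    argv = shlex.split(build_command)
    ids = set()
    for i, arg in enumerate(argv):
        if arg == "--secret" and i + 1 < len(argv):
            spec = argv[i + 1]
        elif arg.startswith("--secret="):
            spec = arg[len("--secret="):]
        else:
            continue
        opts = _opts(spec)
        if "id" in opts:
            ids.add(opts["id"])
    return ids

def missing_secret_ids(dockerfile_text, build_command):
    """Secret IDs the Dockerfile mounts that the build command never supplies."""
    return sorted(dockerfile_secret_ids(dockerfile_text) - build_secret_ids(build_command))

# Constructed sample input (not from a real project).
SAMPLE_DOCKERFILE = """\
FROM node:20
WORKDIR /app
COPY package*.json ./
RUN --mount=type=secret,id=npm_token \\
    NPM_TOKEN="$(cat /run/secrets/npm_token)" npm ci
"""
GOOD_CMD = "DOCKER_BUILDKIT=1 docker build --secret id=npm_token,src=./npm_token.txt -t myapp ."
BAD_CMD = "DOCKER_BUILDKIT=1 docker build --secret id=npm-token,src=./npm_token.txt -t myapp ."

if __name__ == "__main__":
    for cmd in (GOOD_CMD, BAD_CMD):
        print(missing_secret_ids(SAMPLE_DOCKERFILE, cmd) or "all secret IDs supplied")
```

The constructed BAD_CMD differs from the Dockerfile only by a hyphen in place of the underscore, which is the kind of mismatch the check is meant to catch.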
Dead Ends
Common approaches that don't work:
- Setting the secret as an environment variable using ENV in Dockerfile (85% fail): Secrets are designed to avoid embedding in the image; ENV persists the value in layers. The error persists because the mount still expects a secret source.
- Adding 'RUN --mount=type=secret,id=npm_token' without the --secret flag in the build command (90% fail): The mount declaration alone is insufficient; you must pass the secret from the host using '--secret id=npm_token,src=path' during build.
- Creating a .env file and using docker compose build (70% fail): Compose does not automatically inject .env files as BuildKit secrets; they become build args, not secrets. The secret mount still fails.