{ "id": "docker/secret-not-found-in-build", "signature": "failed to solve: failed to resolve secret: secret 'npm_token' not found", "signature_zh": "无法解决:无法解析密钥:密钥 'npm_token' 未找到", "regex": "failed to resolve secret: secret '[^']+' not found", "domain": "docker", "category": "build_error", "subcategory": null, "root_cause": "Docker BuildKit secret referenced in the Dockerfile via --mount=type=secret is not provided during the build command, or the secret ID does not match.", "root_cause_type": "generic", "root_cause_zh": "Dockerfile 中通过 --mount=type=secret 引用的 BuildKit 密钥在构建命令中未提供,或者密钥 ID 不匹配。", "versions": [ { "version": "Docker 24.0.6", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "BuildKit 0.12.2", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Docker Compose v2.21.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" }, { "version": "Node.js 20.0.0", "introduced": null, "deprecated": null, "removed": null, "behavior_change": null, "status": "active" } ], "os_specific": {}, "dead_ends": [ { "action": "Setting the secret as an environment variable using ENV in Dockerfile", "why_fails": "Secrets are designed to avoid embedding in the image; ENV persists the value in layers. The error persists because the mount still expects a secret source.", "fail_rate": 0.85, "condition": "", "sources": [] }, { "action": "Adding 'RUN --mount=type=secret,id=npm_token' without the --secret flag in the build command", "why_fails": "The mount declaration alone is insufficient; you must pass the secret from the host using '--secret id=npm_token,src=path' during build.", "fail_rate": 0.9, "condition": "", "sources": [] }, { "action": "Creating a .env file and using docker compose build", "why_fails": "Compose does not automatically inject .env files as BuildKit secrets; they become build args, not secrets. The secret mount still fails.", "fail_rate": 0.7, "condition": "", "sources": [] } ], "workarounds": [ { "action": "Pass the secret during build: 'DOCKER_BUILDKIT=1 docker build --secret id=npm_token,src=./npm_token.txt -t myapp .'", "success_rate": 0.9, "how": "Pass the secret during build: 'DOCKER_BUILDKIT=1 docker build --secret id=npm_token,src=./npm_token.txt -t myapp .'", "condition": "", "sources": [] }, { "action": "Use docker compose with a secrets section in docker-compose.yml: define the secret under 'secrets:' and reference it in the build block with 'secrets: [npm_token]'.", "success_rate": 0.85, "how": "Use docker compose with a secrets section in docker-compose.yml: define the secret under 'secrets:' and reference it in the build block with 'secrets: [npm_token]'.", "condition": "", "sources": [] }, { "action": "Verify the secret ID in the Dockerfile matches exactly: check '--mount=type=secret,id=npm_token' and ensure the build command uses '--secret id=npm_token'.", "success_rate": 0.95, "how": "Verify the secret ID in the Dockerfile matches exactly: check '--mount=type=secret,id=npm_token' and ensure the build command uses '--secret id=npm_token'.", "condition": "", "sources": [] } ], "workarounds_zh": [ "在构建时传递密钥:'DOCKER_BUILDKIT=1 docker build --secret id=npm_token,src=./npm_token.txt -t myapp .'", "使用 docker compose 并在 docker-compose.yml 中定义 secrets 部分:在 'secrets:' 下定义密钥,并在构建块中使用 'secrets: [npm_token]' 引用。", "检查 Dockerfile 中的密钥 ID 是否完全匹配:确保 '--mount=type=secret,id=npm_token' 与构建命令中的 '--secret id=npm_token' 一致。" ], "transition_graph": { "leads_to": [], "preceded_by": [], "frequently_confused_with": [] }, "official_doc_url": "https://docs.docker.com/build/building/secrets/", "official_doc_section": null, "error_code": null, "verification_tier": "ai_generated", "confidence": 0.88, "fix_success_rate": 0.9, "resolvable": "true", "first_seen": "2023-07-22", "last_confirmed": "2024-06-01", "last_updated": "2024-06-01", "evidence_count": 1, "tags": [], "locale": "en", "aliases": [] }