
I'm building a Docker image. I want the image to be able to pull from private repos. Per some advice I found on a blog, I have this line in the Dockerfile:

```dockerfile
RUN git config --global url."https://<access_token_goes_here>:@github.com/".insteadOf "https://github.com/"
```

It works, but now I've got the access token embedded in the container and in the Dockerfile, which doesn't seem secure.

What's the best practice for this?

StevieD
  • Pass it in as an environment variable. – ProgrammingLlama Dec 14 '22 at 15:45
  • [This answer](https://stackoverflow.com/a/55761914/10008173) to [Clone private git repo with dockerfile](https://stackoverflow.com/questions/23391839/clone-private-git-repo-with-dockerfile) covers a couple of good approaches, mostly focused around making an ssh key available without actually putting it in your image. Do those proposed setups help? – David Maze Dec 14 '22 at 15:48
  • Yeah, I think that makes the most sense. Thanks. – StevieD Dec 14 '22 at 16:01
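
A check for the problem described in the question, as an added example that is not part of the original post or its comments: it scans Dockerfile text for instructions that carry a literal credential in a URL, such as the `git config ... insteadOf` line above, and redacts the value in its report. The function names, the sample Dockerfile and the `CONSTRUCTED_TOKEN` placeholder are assumptions made for illustration.

```python
import re

# http(s) URL carrying userinfo (user[:password]@host), as in the question's git config line.
CRED_URL = re.compile(r"(https?://)([^\s/@\"']+)@([^\s/\"']+)")

# Constructed sample Dockerfile; the token is a placeholder, not a real credential.
SAMPLE = r"""FROM alpine:3.19
RUN apk add --no-cache git && \
    git config --global url."https://CONSTRUCTED_TOKEN:@github.com/".insteadOf "https://github.com/"
RUN git clone https://github.com/example/public.git
RUN git clone https://${GIT_TOKEN}@github.com/example/private.git
"""


def logical_lines(text):
    """Yield (first_line_number, instruction), joining backslash continuations."""
    parts, start = [], None
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are not part of any instruction
        if start is None:
            start = number
        if line.endswith("\\"):
            parts.append(line[:-1].strip())
            continue
        parts.append(line)
        yield start, " ".join(parts)
        parts, start = [], None
    if parts:  # file ended in the middle of a continuation
        yield start, " ".join(parts)


def find_embedded_credentials(text):
    """Return one finding per instruction that has a literal credential in a URL."""
    findings = []
    for number, instruction in logical_lines(text):
        for match in CRED_URL.finditer(instruction):
            if "$" in match.group(2):
                continue  # variable reference: the value is not in the Dockerfile text
            findings.append({
                "line": number,
                "host": match.group(3),
                # Redact so the report itself does not leak the token.
                "instruction": CRED_URL.sub(r"\1<redacted>@\3", instruction),
            })
            break
    return findings


if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE):
        print(finding)
```
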

0 Answers