Sensitive data should not be used in the ARG or ENV commands: Dockerfile

Build Check references the following issue:

> Sensitive data should not be used in the ARG or ENV commands: Dockerfile#L31
> SecretsUsedInArgOrEnv: Do not use ARG or ENV instructions for sensitive data (ENV "ACCESS_TOKEN_SALT") More info:
> https://docs.docker.com/go/dockerfile/rule/secrets-used-in-arg-or-env/

Solution:
Use docker build secrets instead: https://docs.docker.com/build/building/secrets/

Todo:
- [ ] JWT_SECRET
- [ ] REDIS_PW
- [ ] POSTGRES_PW
- [ ] ACCESS_TOKEN_SALT

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Sensitive data should not be used in the ARG or ENV commands: Dockerfile #21

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Sensitive data should not be used in the ARG or ENV commands: Dockerfile #21

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions