Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
hiddew
6 months ago
|
parent
|
context
|
favorite
| on:
We reduced a container image from 800GB to 2GB
> For stuff like security keys you should typically add them as build args, not as content in the image.
Do not use build arguments for anything secret. The values are committed into the image layers.
never_inline
5 months ago
[–]
Yep. The only valid usecase I think of is using the secret for something else, eg connecting to an internal package registry, in which case the secret mounts may help.
Consider applying for YC's Summer 2026 batch! Applications are open till May 4
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
Do not use build arguments for anything secret. The values are committed into the image layers.