Remove sensitive data from the build context #1861
Labels
area/filesystems: For all bugs related to kaniko container filesystems (mounting issues etc)
area/security
categorized
differs-from-docker
issue/files-mounted-unexpectedly
issue/sensitive-data
kind/enhancement: New feature or request
priority/p0: Highest priority. Break user flow. We are actively looking at delivering it.
priority/p1: Basic need feature compatibility with docker build. We should be working on this next.
Actual behavior
Currently a user can get access to the docker config and gcr keys from the build context.
I think it would be much better and safer to avoid doing this.
Expected behavior
DOCKER_CONFIG is not a mountpoint, and does not contain other mountpoints, preserve the content into RAM before starting the build
DOCKER_CONFIG location.
To Reproduce
Try building the following Dockerfile:
Additional Information
Dockerfile
Build Context
Any context when you need to push the image to the registry
Kaniko Image
Triage Notes for the Maintainers
--cache flag
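The behaviour asked for under "Expected behavior", sketched in Go as an added example (not kaniko's code and not part of the original issue): hold the DOCKER_CONFIG files in memory and delete them from disk, refusing when the directory is, or contains, a mount point. The names mountsUnder and stashAndScrub are hypothetical, and the mount table is passed in as text in /proc/self/mountinfo format.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// mountsUnder returns the mount points listed in mountinfo text (the format of
// /proc/self/mountinfo) that are dir itself or lie beneath it.
func mountsUnder(mountinfo, dir string) (hits []string) {
	dir = filepath.Clean(dir)
	for _, line := range strings.Split(mountinfo, "\n") {
		f := strings.Fields(line)
		if len(f) >= 5 && (f[4] == dir || strings.HasPrefix(f[4], dir+"/")) {
			hits = append(hits, f[4]) // field 5 of mountinfo is the mount point
		}
	}
	return hits
}

// stashAndScrub reads every regular file under dir into memory and deletes it
// from disk, but refuses when dir is unset or is/contains a mount point.
func stashAndScrub(dir, mountinfo string) (map[string][]byte, error) {
	if m := mountsUnder(mountinfo, dir); dir == "" || len(m) > 0 {
		return nil, fmt.Errorf("refusing to scrub %q, mount points: %v", dir, m)
	}
	kept := map[string][]byte{}
	err := filepath.WalkDir(dir, func(p string, d os.DirEntry, err error) error {
		if err != nil || !d.Type().IsRegular() {
			return err
		}
		data, err := os.ReadFile(p)
		if err == nil {
			rel, _ := filepath.Rel(dir, p)
			kept[rel] = data
			err = os.Remove(p)
		}
		return err
	})
	return kept, err
}

func main() { // assumed usage: run only where DOCKER_CONFIG is disposable
	mi, _ := os.ReadFile("/proc/self/mountinfo")
	kept, err := stashAndScrub(os.Getenv("DOCKER_CONFIG"), string(mi))
	fmt.Println(len(kept), "file(s) held in memory; error:", err)
}
```

Mounted credential directories are left untouched here because files on a read-only or externally managed mount cannot be removed safely from inside the build.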