Open MihaiBSony opened 1 year ago
Thanks for filing this!
cc @bdmac, who drove the declarative secrets proposal in the spec: https://github.com/devcontainers/spec/issues/198.
Now that Features can contribute lifecycle hooks, a good workaround here is to offload anything that needs a (Codespace) secret to a lifecycle hook. Those run in the same context as lifecycle hooks directly in the devcontainer.json
See an example here: https://github.com/codspace/feature-using-secret . Creating this dev container will write the value of MY_CODESPACE_SECRET
to foo.txt
in the workspace folder.
As I understood the original request was to pass secrets at build time to the features, as currently the only way to pass secrets would be through the feature options, which could potentially leak them. I supose this means extending the secrets proposal, am I right?
In our project we are building devcontainers with some packages from private registries preinstalled. We'd like to switch the installation process from dockerfiles to features, but we couldn't find an official way of passing secrets to devcontainer features.
Since I saw some progress in implementing secrets for other devcontainers-cli commands, now seems like a good time for this feature request.