Comment by hiddew
> For stuff like security keys you should typically add them as build args, not as content in the image.
Do not use build arguments for anything secret. The values are committed into the image layers.
> For stuff like security keys you should typically add them as build args, not as content in the image.
Do not use build arguments for anything secret. The values are committed into the image layers.
Yep. The only valid usecase I think of is using the secret for something else, eg connecting to an internal package registry, in which case the secret mounts may help.