Secrets exposed when using --secretBuildArgs  #644

@blueboxes

There does not seem to be documentation on how to consume the values from --secretBuildArgs in your docker script.

If I look at the code, it seems to map to docker build args:

https://github.com/Azure/acr-builder/blob/main/cmd/acb/commands/build/build.go#L302

This is odd, as the Docker documentation says never to use build args for secrets as they are stored in the logs.

https://docs.docker.com/engine/reference/builder/#arg

After testing, I have seen the secrets shown in the logs in the Azure portal. These are secrets that viewers of the logs should not see. This came up as I used a { character in the secret value and that broke the script.
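
The difference the issue points at, as an added example (not code from this issue or from acr-builder): one Dockerfile that consumes the same value first through `ARG` and then through a BuildKit secret mount. `API_TOKEN`, the `api_token` secret id, the file `api_token.txt` and the stage names are made up for illustration, and the page does not say whether ACR builds accept secret mounts.

```dockerfile
# syntax=docker/dockerfile:1
# Added example. API_TOKEN, api_token and both stage names are hypothetical.

# --- Stage "leaky": value passed as a build arg ---------------------------
# Built with:
#   docker build --target leaky --build-arg API_TOKEN=<value> .
FROM alpine:3.19 AS leaky
# ARG is how a Dockerfile consumes a --build-arg value.
ARG API_TOKEN
# The arg reaches this RUN step as an environment variable. Its value is
# recorded with the step, so `docker history --no-trunc <image>` shows it,
# and so does any build log that prints the build command line.
# The test below is a stand-in for the step that really needs the secret.
RUN test -n "$API_TOKEN" && echo "token received"

# --- Stage "mounted": value passed as a BuildKit secret mount -------------
# Built with:
#   docker build --target mounted --secret id=api_token,src=./api_token.txt .
FROM alpine:3.19 AS mounted
# The secret is a file that exists only while this RUN step executes
# (default path /run/secrets/<id>). It is not written to a layer and does
# not appear in image history.
RUN --mount=type=secret,id=api_token \
    API_TOKEN="$(cat /run/secrets/api_token)" && \
    test -n "$API_TOKEN" && echo "token received"
```

Running `docker history --no-trunc` against each target is a quick check: the value appears in the `leaky` image's history and not in the `mounted` one.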
