I have a Apache web server that has a Basic auth protected URL e.x.
www.example.com/protected/
In my Dockerfile in the Openshift when I build an image i have curl commands that download the files. Now that curl command with basic auth would look like this when using basic auth
curl -u username:password http://www.example.com/protected/
Problem is I do not want to have username:password in the Dockerfile exposed. Instead I want to hide credentials in the Openshift/Kubernetes secret
Normally openshift yaml file for secret definition would look like this in the beginig
kind: Secret
apiVersion: v1
metadata:
name: secret-name
data:
Question: How do I add create a proper secret file for basic auth credentials and how do I then reference it from the Dockerfile?
Take a look at build secrets and also read how they work with Docker strategy.
To use this secret with curl
command I'd suggest to leverage -K
option with a path to a secret.
ended up creating this secret (yaml format) . Data in the .curl-secret file should be base64 encoded which is being decoded in the curl command in Dockerfile (further down).
apiVersion: v1
data:
.curl-secret: <YOUR_SECRET_HERE>
kind: Secret
metadata:
creationTimestamp: null
name: curl-secret
type: Opaque
and then in the build config adding reference to the secret.
source:
type: Git
git:
uri: 'https://GITHUB.URL'
ref: master
secrets:
- secret:
name: curl-secret
Then in the the Dockerfile I copy this file, use it and then delete it.
COPY .curl-secret /tmp
curl -u $(cat /tmp/.curl-secret) -s -o /output.file
rm /tmp/.curl-secret