Passing Secrets

When creating an Execution Environment, it may be useful to use build secrets. This can be done with a combination of the use of additional_build_steps within the EE definition file, and the --extra-build-cli-args CLI option.

Use the --extra-build-cli-args CLI option to pass a build CLI argument that defines the secret:

ansible-builder build --extra-build-cli-args="--secret id=mytoken,src=my_secret_file.txt"

Then, use a custom RUN command within your EE definition file that references this secret:

---
version: 3

images:
  base_image:
    name: quay.io/centos/centos:stream9

additional_build_steps:
  prepend_base:
    - RUN --mount=type=secret,id=mytoken TOKEN=$(cat /run/secrets/mytoken) some_command

options:
  skip_ansible_check: true