docs: add usage exaple for docker build secrets (#283)

xoxys · web-flow · commit c7c3ad694288 · 2023-06-28T20:42:47.000+02:00
diff --git a/_docs/content/_index.md b/_docs/content/_index.md
@@ -95,6 +95,29 @@ steps:
       tags: latest
 ```
 
+#### Expose secrets to the build
+
+The [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) can be used by the build using `RUN --mount=type=secret` mount.
+
+```Yaml
+kind: pipeline
+name: default
+
+steps:
+  - name: docker
+    image: thegeeklab/drone-docker-buildx:23
+    privileged: true
+    environment:
+      SECURE_TOKEN:
+        from_secret: secure_token
+    settings:
+      secrets:
+        - "id=raw_file_secret,src=file.txt"
+        - "id=SECRET_TOKEN"
+```
+
+To use secrets from files a [host volume](https://docs.drone.io/pipeline/docker/syntax/volumes/host/) is required. This should be used with caution and avoided whenever possible.
+
 ## Build
 
 Build the binary with the following command:
diff --git a/_docs/data/data.yaml b/_docs/data/data.yaml
@@ -267,6 +267,6 @@ properties:
     required: false
 
   - name: secrets
-    description: Pass [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) when building.
+    description: Exposes [secrets](https://docs.docker.com/engine/reference/commandline/buildx_build/#secret) to the build.
     type: list
     required: false
diff --git a/cmd/drone-docker-buildx/config.go b/cmd/drone-docker-buildx/config.go
@@ -324,7 +324,7 @@ func settingsFlags(settings *plugin.Settings, category string) []cli.Flag {
 		&cli.StringSliceFlag{
 			Name:        "secrets",
 			EnvVars:     []string{"PLUGIN_SECRETS"},
-			Usage:       "secret key-value pairs",
+			Usage:       "exposes secrets to the build",
 			Destination: &settings.Build.Secrets,
 			Category:    category,
 		},
diff --git a/plugin/impl.go b/plugin/impl.go
@@ -65,7 +65,7 @@ type Build struct {
 	Labels       cli.StringSlice // Docker build labels
 	Provenance   string          // Docker build provenance attestation
 	SBOM         string          // Docker build sbom attestation
-	Secrets      cli.StringSlice // Docker build secret key-pairs
+	Secrets      cli.StringSlice // Docker build secrets
 }
 
 // Settings for the Plugin.

Original file line number	Diff line number	Diff line change
`@@ -65,7 +65,7 @@ type Build struct {`
`65`	`65`	`Labels cli.StringSlice // Docker build labels`
`66`	`66`	`Provenance string // Docker build provenance attestation`
`67`	`67`	`SBOM string // Docker build sbom attestation`
`68`		`- Secrets cli.StringSlice // Docker build secret key-pairs`
	`68`	`+ Secrets cli.StringSlice // Docker build secrets`
`69`	`69`	`}`
`70`	`70`
`71`	`71`	`// Settings for the Plugin.`