Using the --secret flag with docker build allows you to mount secrets into a build step in a safe way where they won’t end up in the final image (official documentation).
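Let’s say we want to download a file that is protected using basic auth. The relevant instruction in our Dockerfile would look like this (RUN --mount requires BuildKit, and the secret is readable at /run/secrets/auth only while this RUN step executes):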
RUN --mount=type=secret,id=auth \
curl -O -u "$(cat /run/secrets/auth)" http://example.org/some-file
When building the container we need to pass the --secret flag and provide a file, like this:
$ echo "foo:bar" > auth.txt
$ docker build --secret id=auth,src=auth.txt .
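
To check on a real build that the secret did not end up in the image, the following added example (not from the original page) scans an archive written by `docker save` for the secret value. The function name `scan_image_tar` and the image tag `myimage` are assumptions, and the secret is assumed to be a single line as in auth.txt above.

```shell
#!/bin/sh
# Added example (not from the original page): verify that a build secret
# is absent from an image archive produced by `docker save`.
# Assumes a single-line secret, as in the auth.txt example above.

# scan_image_tar <image.tar> <secret-file>
# Returns 0 if the secret is absent, 1 if found, 2 on bad input.
scan_image_tar() {
    image_tar=$1; secret_file=$2; found=0
    [ -r "$image_tar" ] && [ -r "$secret_file" ] || return 2
    secret=$(cat "$secret_file")   # $(...) drops the trailing newline
    [ -n "$secret" ] || return 2

    workdir=$(mktemp -d) && list=$(mktemp) || return 2
    if ! tar -xf "$image_tar" -C "$workdir" 2>/dev/null; then
        rm -rf "$workdir" "$list"; return 2
    fi
    find "$workdir" -type f > "$list"

    while IFS= read -r blob; do
        if LC_ALL=C grep -qF -- "$secret" "$blob"; then
            # Plain hit: image config/manifest JSON or an uncompressed layer.
            echo "secret found in ${blob#"$workdir"/}" >&2; found=1
        elif tar -tf "$blob" >/dev/null 2>&1 &&
             tar -xOf "$blob" 2>/dev/null | LC_ALL=C grep -qF -- "$secret"; then
            # Compressed layer: search the extracted file contents instead.
            echo "secret found in layer ${blob#"$workdir"/}" >&2; found=1
        fi
    done < "$list"

    rm -rf "$workdir" "$list"
    return "$found"
}

# Usage ("myimage" is a placeholder tag):
#   docker save myimage -o image.tar
#   scan_image_tar image.tar auth.txt && echo "no secret in image"
if [ "$#" -eq 2 ]; then scan_image_tar "$1" "$2"; fi
```

A non-zero result means the value is recoverable from the image, for example because the secret file was copied into a layer instead of being mounted.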