How to pass build secrets to the build image with files

mario · March 9, 2026, 10:41am

Hi,

I want to create an ENV VAR with the value of a secret that I want to mount in my Dockerfile and use it in a RUN command there.

How can I do it with Okteto?

mario · March 9, 2026, 10:48am

Okteto has an option in the build section of the Manifest where you can add secrets.

The important thing to note here is that Okteto uses in this part the format of FILES.

You cant add in secrets directly the content of an ENV VAR like $MY_VAR

How to do it then?

The best and more secured option is to create in the same repository a file: .my_secretand inside the file having : $MY_SECRET

Then you can add to Okteto Admin Variables (or Settings→Variables) the value of MY_SECRET

In the Okteto manifest:

build:

  test-secret:

    secrets:

       my_mount_secret: .my_secret

And in the Dockerfile:

RUN --mount=type=secret,id=my_mount_secret \

    export MY_SECRET=$(cat /run/secrets/my_mount_secret || echo "(no secret)") && echo $MY_SECRET

We have a sample repo prepared for this with instructions to test it:

Topic		Replies	Views
Mount secrets during build step How Do I?	3	1030	June 1, 2023
How can I use in my Dockerfile a secret coming from an ENV	1	94	July 28, 2025
Issue with Secrets in Docker Compose Help	7	1068	July 8, 2022
How can use secret as env var? How Do I?	1	798	September 28, 2022
Environment variables and secrets from UI vs file How Do I?	2	845	November 21, 2022