Issue with Secrets in Docker Compose

Hi,
I’m struggling getting secrets correctly injected into webpack builds with my docker-compose setup.

I have a base image that builds all my applications and services. I build this in my okteto-pipeline.yml like so:

deploy:
  - okteto build -t okteto.dev/base . # base image that needs secrets
  - okteto build -t okteto.dev/react:${OKTETO_GIT_COMMIT} samples/reactjs-todo
  - okteto build -t okteto.dev/angular:${OKTETO_GIT_COMMIT} samples/angular-todo
  - okteto build -t okteto.dev/embedded-login:${OKTETO_GIT_COMMIT} samples/embedded-login
  - okteto build -t okteto.dev/central-login:${OKTETO_GIT_COMMIT} samples/central-login
  - okteto build -t okteto.dev/embedded-login:${OKTETO_GIT_COMMIT} samples/embedded-login
  - okteto stack deploy --build

I then define the ARG in the image like so

ARG AM_URL
ARG API_URL
ARG DEBUGGER_OFF
ARG REALM_PATH
ARG JOURNEY_LOGIN

But my base image does not seem to get the secrets here from okteto. I have undefined values in my builds still. I must be missing a step but I thought ARG would be the correct way to derive secrets for builds that have to happen at the image build time.

I have also tried to reassign the variables as ENV from the ARG value to no luck.

This base image is not “directly” called in my docker-compose file, but it is consumed by the images that are called in my docker-compose file. Essentially I need the secrets from okteto to get built into this image by okteto, and then call my docker compose file for building/deploying

If I use the envsubst command to populate an .env file, it seems to work best. This is what i’m using now, but maybe the above could be helpful for someone else

Hi @ryanbas21,
In order to pass secrets to your build, you need to use the flag --build-arg AM_URL ={AM_URL }.
Also, I would recommend moving to the new okteto manifest, which has its own section for defining builds: