[英]Use docker-build.yaml environment variable in angular package.json
I am trying to get the access token that is available in docker-build.yaml as an environemnt variable to package.json in my angular project I am trying to get the access token that is available in docker-build.yaml as an environemnt variable to package.json in my angular project
I am basically trying to get that auth token to access a private repository and install as a dependency我基本上是在尝试获取该身份验证令牌以访问私有存储库并作为依赖项安装
"repo_name": "https://github.com/<>:_authToken=${env.NPM_TOKEN}", "repo_name": "https://github.com/<>:_authToken=${env.NPM_TOKEN}",
something like this.像这样的东西。 when I tried this, it didn't work as the env.NPM_token is not received.
当我尝试这个时,它没有工作,因为没有收到 env.NPM_token。
So trying to see how to get that value in package.json所以试图看看如何在 package.json
So, first and foremost;所以,首先; you should never expose sensitive information like this in an
ENV
or ARG
variable, as they will be easily found by anyone.你不应该在
ENV
或ARG
变量中公开这样的敏感信息,因为任何人都可以轻松找到它们。
A way around this is to use so-called docker secrets.解决此问题的一种方法是使用所谓的 docker 机密。 Since you're using yaml, you have it relatively easy.
由于您使用的是 yaml,因此相对容易。
version: '3'
secrets:
npm_token:
file: ./token_on_host_system.txt
services:
node:
image: nodejs
secrets:
- npm_token
environment:
- NPM_TOKEN_FILE=/run/secrets/npm_token
now, the NPM_TOKEN_FILE
env variable will point to the file containing your secret.现在,
NPM_TOKEN_FILE
变量将指向包含您的秘密的文件。 You can now cat
this file and use it in your scripts using sed
or your tool of preference.您现在可以使用
cat
或您喜欢的工具来sed
此文件并在您的脚本中使用它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.