From e4259e32cd2f33ee978157c6bb148a305b245507 Mon Sep 17 00:00:00 2001 From: David Karlsson <35727626+dvdksn@users.noreply.github.com> Date: Mon, 23 Mar 2026 17:25:04 +0100 Subject: [PATCH] Fix issue #24434: document secret mount behavior (#24442) Adds documentation explaining how secrets appear inside build containers when using GitHub Actions secret mounts. Changes: - Added new section "How secrets appear in the build container" explaining: - Default secret mount location (/run/secrets/) - File permissions and content handling - How the env option works - Custom target paths - Includes practical examples for both environment variable and file-based secret access Fixes #24434 --------- Co-authored-by: David Karlsson --- content/manuals/build/ci/github-actions/secrets.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/content/manuals/build/ci/github-actions/secrets.md b/content/manuals/build/ci/github-actions/secrets.md index 42f2d83ab6..40c2c0ac33 100644 --- a/content/manuals/build/ci/github-actions/secrets.md +++ b/content/manuals/build/ci/github-actions/secrets.md @@ -57,6 +57,13 @@ jobs: "github_token=${{ secrets.GITHUB_TOKEN }}" ``` +> [!NOTE] +> Secrets are mounted as files in the build container. +> By default, they're available at `/run/secrets/`. +> You can also use the `env` option to load a secret into an environment variable, +> or the `target` option to customize the mount path. +> For details on secret mounts, see [Build secrets](/manuals/build/building/secrets.md). + ### Using secret files The `secret-files` input lets you mount existing files as secrets in your build.