Advanced Docker & Containers
Q94 / 100

What does "docker build --secret" address, and what problem does it solve compared to using "ARG" for sensitive values like API keys?

Correct! Well done.

Incorrect.

The correct answer is B) "--secret" mounts a secret file only during a specific RUN instruction without persisting it in any layer, whereas "ARG" values can end up cached in build history/layers and be extracted from the final image, leaking sensitive data

B

Correct Answer

"--secret" mounts a secret file only during a specific RUN instruction without persisting it in any layer, whereas "ARG" values can end up cached in build history/layers and be extracted from the final image, leaking sensitive data

Explanation

Build arguments (ARG) can be inspected via "docker history" or remain in intermediate layers, risking credential leakage; BuildKit's "--secret" mounts sensitive files transiently during a build step without writing them into any layer.

Previous All Questions Next
Progress
94/100
🐳

Browse All Docker & Containers Questions

100 questions · beginner to advanced