PR 5: Remove secret exposure in Docker Build Args #321

Open
sr-857 wants to merge 1 commit into GauravKarakoti:main from sr-857:feature/docker-secret-exposure-265

@sr-857 sr-857 commented Feb 20, 2026

PR 5: Secret Exposure in Docker Build Args (#265)

Technical Analysis

Sensitive keys like GROQ_API_KEY were being passed as Docker build arguments (ARG), which can be inspected in the Docker image history and layers, posing a security risk.

Proposed Solution

Remove secrets from the build phase and rely solely on runtime environment variables (ENV or .env files).

Changes

  • Removed GROQ_API_KEY from frontend/Dockerfile build steps.
  • Updated docker-compose.yaml to remove secret build arguments.
  • Verified that getGroqClient correctly retrieves the key from process.env at runtime.

Verification

  • Confirmed secrets are no longer present in build logs or image metadata.
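
A check a reviewer could run over the Dockerfile to catch the pattern described above, as an added example that is not part of this PR or the project's code. The `SECRET_NAME` pattern, the `findBuildTimeSecrets` function and both sample Dockerfiles are constructed assumptions; the repository's actual Dockerfile is not shown on this page.

```javascript
// Added example: flag secrets handed to `docker build` as ARG values.
// SECRET_NAME and both sample Dockerfiles are constructed assumptions.
const SECRET_NAME = /(KEY|SECRET|TOKEN|PASSWORD|PASSWD|CREDENTIAL)/i;

// Join backslash-continued lines, then drop blank lines and comments.
function logicalLines(text) {
  return text
    .replace(/\\\r?\n/g, " ")
    .split(/\r?\n/)
    .map((l) => l.trim())
    .filter((l) => l && !l.startsWith("#"));
}

function findBuildTimeSecrets(dockerfileText) {
  const findings = [];
  const secretArgs = new Set();
  for (const line of logicalLines(dockerfileText)) {
    const [instr, ...rest] = line.split(/\s+/);
    const body = rest.join(" ");
    if (/^ARG$/i.test(instr)) {
      const m = body.match(/^[A-Za-z_][A-Za-z0-9_]*/);
      if (m && SECRET_NAME.test(m[0])) {
        secretArgs.add(m[0]);
        findings.push({ kind: "secret-arg", name: m[0], line });
      }
    } else if (/^ENV$/i.test(instr)) {
      // ENV X=$ARG copies the build-time value into the image config.
      for (const name of secretArgs) {
        if (new RegExp("\\$\\{?" + name + "\\b").test(body)) {
          findings.push({ kind: "arg-baked-into-env", name, line });
        }
      }
    }
  }
  return findings;
}

// Constructed "before": the pattern the PR describes removing.
const BEFORE = ["FROM node:20-alpine", "ARG GROQ_API_KEY",
  "ENV GROQ_API_KEY=$GROQ_API_KEY", "RUN npm run build"].join("\n");
// Constructed "after": no secret at build time; key comes from process.env.
const AFTER = ["FROM node:20-alpine", "ARG NODE_ENV=production",
  "RUN npm run build", 'CMD ["npm", "start"]'].join("\n");

console.log(findBuildTimeSecrets(BEFORE)); // two findings for GROQ_API_KEY
console.log(findBuildTimeSecrets(AFTER)); // []
```

The check matches on ARG names only, so a secret passed under a neutral-looking name is not flagged; a clean result is a minimum bar, not proof.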

vercel bot commented Feb 20, 2026

@sr-857 is attempting to deploy a commit to the Gaurav's projects Team on Vercel.

A member of the Team first needs to authorize it.

netlify bot commented Feb 20, 2026

Deploy Preview for swapsmithminiapp canceled.

🔨 Latest commit: fb65faa
🔍 Latest deploy log: https://app.netlify.com/projects/swapsmithminiapp/deploys/6998b5af60efc10008c942fc
