Problem with passing multiple build secrets with `--build-secre` flag

I am trying to deploy a Strapi app that requires multiple secrets during the builds. I am following the official Build Secrets doc but keep getting No such file or directory for the last 4 secrets from the command. Is this the right usage for passing multiple secrets?

// Command
flyctl deploy \
    --build-secret DATABASE_URL=XXX \
    --build-secret APP_KEYS=XXX \
    --build-secret API_TOKEN_SALT=XXX \
    --build-secret ADMIN_JWT_SECRET=XXX \
    --build-secret JWT_SECRET=XXX

// Error
 > [builder 9/9] RUN --mount=type=secret,id=DATABASE_URL DATABASE_URL="$(cat /run/secrets/DATABASE_URL)"   --mount=type=secret,id=APP_KEYS APP_KEYS="$(cat /run/secrets/APP_KEYS)"   --mount=type=secret,id=API_TOKEN_SALT API_TOKEN_SALT="$(cat /run/secrets/API_TOKEN_SALT)"   --mount=type=secret,id=ADMIN_JWT_SECRET ADMIN_JWT_SECRET="$(cat /run/secrets/ADMIN_JWT_SECRET)"   --mount=type=secret,id=JWT_SECRET JWT_SECRET="$(cat /run/secrets/JWT_SECRET)"   npm run build:
#12 0.355 cat: /run/secrets/APP_KEYS: No such file or directory
#12 0.355 cat: /run/secrets/API_TOKEN_SALT: No such file or directory
#12 0.356 cat: /run/secrets/ADMIN_JWT_SECRET: No such file or directory
#12 0.357 cat: /run/secrets/JWT_SECRET: No such file or directory
#12 0.357 /bin/sh: 1: --mount=type=secret,id=APP_KEYS: not found
// Dockerfile
 
RUN --mount=type=secret,id=DATABASE_URL DATABASE_URL="$(cat /run/secrets/DATABASE_URL)" \
  --mount=type=secret,id=APP_KEYS APP_KEYS="$(cat /run/secrets/APP_KEYS)" \
  --mount=type=secret,id=API_TOKEN_SALT API_TOKEN_SALT="$(cat /run/secrets/API_TOKEN_SALT)" \
  --mount=type=secret,id=ADMIN_JWT_SECRET ADMIN_JWT_SECRET="$(cat /run/secrets/ADMIN_JWT_SECRET)" \
  --mount=type=secret,id=JWT_SECRET JWT_SECRET="$(cat /run/secrets/JWT_SECRET)" \
  npm run build
1 Like

Did you find a solution to this problem? Iā€™m facing the same problem with multiple build secrets.

You need to first put all of the --mount flags, and then set all of the env vars, like this:

RUN --mount=type=secret,id=DATABASE_URL \
    --mount=type=secret,id=APP_KEYS \
    --mount=type=secret,id=API_TOKEN_SALT \
    --mount=type=secret,id=ADMIN_JWT_SECRET \
    --mount=type=secret,id=JWT_SECRET \
  DATABASE_URL="$(cat /run/secrets/DATABASE_URL)" \
  APP_KEYS="$(cat /run/secrets/APP_KEYS)" \
  API_TOKEN_SALT="$(cat /run/secrets/API_TOKEN_SALT)" \
  ADMIN_JWT_SECRET="$(cat /run/secrets/ADMIN_JWT_SECRET)" \
  JWT_SECRET="$(cat /run/secrets/JWT_SECRET)" \
  npm run build

4 Likes

On a related note, maybe it will help someone:
If we want to pass multiple secrets when with fly deploy command:

# WRONG syntax
fly deploy --build-secret SECRET1=foo,SECRET2=bar

# CORRECT syntax
fly deploy --build-secret SECRET1=foo --build-secret SECRET2=bar