Skip to main content

Secrets

Dagger has built-in support for secrets — passwords, API keys, tokens — sourced from multiple providers. Secrets are never exposed in logs, written to container filesystems, or inserted into the cache.

Passing secrets

Secrets are passed to functions via provider URIs:

# From environment variables
dagger api call deploy --token=env:DEPLOY_TOKEN

# From files
dagger api call deploy --token=file:./secrets/token.txt

# From command output
dagger api call deploy --token=cmd:"aws sts get-session-token --query Token"

Providers

Environment variables

dagger api call my-function --secret=env:MY_SECRET

Reads the value of MY_SECRET from the host environment.

Files

dagger api call my-function --secret=file:/path/to/secret

Reads the secret from a file on the host.

Command output

dagger api call my-function --secret=cmd:"command to run"

Runs the command on the host and uses its stdout as the secret value.

HashiCorp Vault

dagger api call my-function --secret=vault://my-app.token

Reads the token field of the KVv2 secret my-app. The path is relative to the KVv2 mount, which defaults to secret and can be changed with VAULT_PATH_PREFIX. Add ?ttl=1h to control client-side caching. Requires the Dagger CLI to be authenticated with Vault (via VAULT_ADDR and VAULT_TOKEN environment variables or other standard Vault auth methods).

1Password

dagger api call my-function --secret=op://vault-name/item-name/field

Reads from 1Password. Requires authentication via op signin.

AWS Secrets Manager

dagger api call my-function --secret=aws+sm://prod/my-secret

For JSON secrets, extract a specific field:

dagger api call my-function --secret=aws+sm://prod/database?field=password

Options: ?region=us-west-2, ?version=<id>, ?stage=AWSPREVIOUS.

AWS Parameter Store

dagger api call my-function --secret=aws+ps://prod/api-key

Reads the parameter /prod/api-key (the leading slash is added for you). SecureString parameters are automatically decrypted.

AWS authentication

Both AWS providers use the default credential chain: environment variables, shared credentials file (~/.aws/credentials), or IAM role (EC2, ECS, Lambda).

Set the region with AWS_REGION or the ?region= query parameter.

Google Cloud Secret Manager

dagger api call my-function --secret=gcp://my-secret

A bare name reads the secret from your default project; use gcp://project/PROJECT_ID/secrets/SECRET_NAME/versions/VERSION to be explicit. Uses Application Default Credentials.

libsecret (GNOME Keyring)

dagger api call my-function --secret=libsecret://login/my-secret

Reads from the host's freedesktop.org Secret Service (e.g. GNOME Keyring) on Linux.

Safeguards

Dagger ensures secrets never leak:

  • Logs: Secret values are redacted from all output
  • Filesystem: Secrets are never written to container layers
  • Cache: Operations using secrets are excluded from cache keys

If a workflow crashes, secrets remain protected.