Skip to content

fix(docker): don't leak FA Pro token into build logs#1558

Merged
NathanFlurry merged 1 commit into
mainfrom
fix-docker-token-leak
Jun 29, 2026
Merged

fix(docker): don't leak FA Pro token into build logs#1558
NathanFlurry merged 1 commit into
mainfrom
fix-docker-token-leak

Conversation

@NathanFlurry

Copy link
Copy Markdown
Member

The website Dockerfile export-ed FONTAWESOME_PACKAGE_TOKEN in a RUN, which printed the token value into Railway build logs (and tripped BuildKit's SecretsUsedInArgOrEnv). The ARG is already in the RUN env, so the icons generate reads it directly — no echo. Verified: full Docker build passes (119 pages, image) and the token no longer appears in the build log.

🤖 Generated with Claude Code

The ARG is already in the RUN environment, so the icons generate reads
FONTAWESOME_PACKAGE_TOKEN directly instead of `export`-ing it (which printed the
token value into Railway build logs). Build behaviour is unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@railway-app railway-app Bot temporarily deployed to agentos / agentos-pr-1558 June 29, 2026 05:07 Destroyed
@railway-app railway-app Bot temporarily deployed to rivet-frontend / agentos-pr-1558 June 29, 2026 05:07 Destroyed
@NathanFlurry NathanFlurry merged commit 27d4506 into main Jun 29, 2026
2 of 4 checks passed
@NathanFlurry NathanFlurry deleted the fix-docker-token-leak branch June 29, 2026 05:10
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant