Codespaces: Using secrets in Dockerfile

Is it possible to refer to a secret from within the Dockerfile during Codespaces start-up?
I tried echoing a secret I added (with codespace instance stopped and resumed), but no luck with that. Is it possible to inject this as build.args in devcontainers.json?
I assume currently what Github’s team is doing is injecting the secrets via the “remoteEnv” key in devcontainers.json, but then I can’t really access them in my dockerfile.

I’ve introduced a secret in settings → secrets → codespaces called FOO, and this is what I tried to echo but it’s resulting in blank:

RUN echo $FOO
RUN echo $FOO

I was able to later access this in the terminal via echo $FOO.

More on my use case, I need to use the secret to access a privately hosted package registry in Python (a privately-hosted PyPi registry in GCP), but the secrets I introduce as <*>_CONTAINER_REGISTRY_SERVER would not do it, and I think that’s because it only works with a docker registry possibly via a docker login initially. So I’m looking for ways to build our application that has a privately hosted package registry…

Also unrelated… but what is the best place to ask Codespaces questions right now? I understand it was just recently released and the team might still be building up better support around it. It seems like it has been a little bit difficult - the documentation is great but does not cover everything yet; reached out in Github Support but it’s taking time to getting attention. Can someone advise the best way to reach out? Is it the forum or Github Support? Or did I miss out on any slack community etc? What’s the quickest way to get an answer of something? I’d really appreciate it, thanks!!


I would also be interested in this feature. Additionally, I would like to use a secret in a Docker Compose file environment section for a service container (not the main app container). My use case is passing an API token for an external tracing service to the OpenTelemetry Collector running as a sidecar.


This would be very useful in situations where you want to install Rubygems or NPM dependencies etc. within the Dockerfile from a private registry.