Passing build-time variables to Docker is a solvable problem. However, if you want that data to leave no traces in the image, it’s another story. For example, when you want to access private SSH repositories during a build. You had to watch out not to leak any secrets. Packing lots of commands into a single line, making sure to clean up with squashing (nah), using multi-stage builds to keep secrets in non-public files (okay), or coming up with elaborate schemes to access those secrets secur...
