I have written about this topic before in the past. If you don’t watch out, you can easily leak your SSH credentials into your Docker image, sometimes without even noticing. Handling build-time secrets got easier with BuildKit, and the same goes for SSH secrets. However, there’s a special mechanism to pass SSH credentials into your building Docker image without leaving a trace, with is an even better fit than the new secret mount type.
