
Secrets

Dagger has built-in support for secrets (passwords, API keys, tokens) sourced from several providers. Secret values are redacted from logs, are never written into container filesystem layers, and never enter the cache.

Passing secrets

Secret-typed function arguments are given on the command line as provider URIs, which the CLI resolves on the host:

# From environment variables
dagger call deploy --token=env:DEPLOY_TOKEN

# From files
dagger call deploy --token=file:./secrets/token.txt

# From command output
dagger call deploy --token=cmd:"aws sts get-session-token --query Credentials.SessionToken --output text"

Pass the reference, never the expanded value: --token=$DEPLOY_TOKEN would put the plaintext on the command line, where shell history and process listings can capture it.

Providers

Environment variables

dagger call my-function --secret=env:MY_SECRET

Reads the value of MY_SECRET from the environment of the dagger CLI process on the host.

Files

dagger call my-function --secret=file:/path/to/secret

Reads the secret from a file on the host. Keep such files readable only by the invoking user (mode 0600) and out of version control.

Command output

dagger call my-function --secret=cmd:"command to run"

Runs the command on the host, with the privileges of the user invoking dagger, and uses its standard output as the secret value. Keep the secret in the command's output rather than in its arguments, which are visible in process listings.

HashiCorp Vault

dagger call my-function --secret=vault://secret/data/my-app#token

Reads from HashiCorp Vault. The Dagger CLI must already be authenticated with Vault, through the VAULT_ADDR and VAULT_TOKEN environment variables or another standard Vault auth method.

1Password

dagger call my-function --secret=op://vault-name/item-name/field

Reads from 1Password. Requires an authenticated 1Password CLI session (op signin).

AWS Secrets Manager

dagger call my-function --secret=aws+sm://prod/my-secret

For secrets stored as JSON, select one field with the field query parameter:

dagger call my-function --secret=aws+sm://prod/database?field=password

Further query parameters: ?region=us-west-2 overrides the region, ?version=<id> pins a specific version ID, and ?stage=AWSPREVIOUS selects a staging label (here, the value before the latest rotation).

AWS Parameter Store

dagger call my-function --secret=aws+ps:///prod/api-key

The three slashes are deliberate: the parameter name follows aws+ps://, and a hierarchical name such as /prod/api-key begins with its own slash. SecureString parameters are decrypted automatically; if the parameter is encrypted with a customer managed KMS key, the caller also needs kms:Decrypt on that key.

AWS authentication

Both AWS providers use the SDK's default credential chain: environment variables, the shared credentials file (~/.aws/credentials), or an attached IAM role (EC2, ECS, Lambda). Give that identity only the read permission it needs: secretsmanager:GetSecretValue for Secrets Manager, ssm:GetParameter for Parameter Store.

Set the region with AWS_REGION or the ?region= query parameter.
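The provider syntax above, parsed and (for the host-local providers) resolved by a small reference implementation. This is an added example, not Dagger's own code: parse_ref() mirrors the URI forms this page documents, resolve() handles env:, file: and cmd: and raises for the remote providers (vault, op, aws+sm, aws+ps), which need provider credentials. The file-permission check, the rejection of aws+sm query options the page does not list, and returning command output verbatim (the page does not say whether trailing newlines are trimmed) are this example's own choices; all sample values are constructed.

```python
"""Reference parser and resolver for the secret-reference URIs on this page.

Added example, not Dagger's own code: parse_ref() mirrors the documented forms
(env:, file:, cmd:, vault://, op://, aws+sm://, aws+ps:///); resolve() handles the
three host-local providers and raises for the remote ones.
"""
import os
import stat
import subprocess
import tempfile
from dataclasses import dataclass, field
from typing import Dict, Optional
from urllib.parse import parse_qs, urlsplit

LOCAL_PROVIDERS = {"env", "file", "cmd"}
REMOTE_PROVIDERS = {"vault", "op", "aws+sm", "aws+ps"}
AWS_SM_OPTIONS = {"field", "region", "version", "stage"}   # the options this page lists


@dataclass
class SecretRef:
    provider: str                 # env, file, cmd, vault, op, aws+sm, aws+ps
    resource: str                 # variable name, file path, command, or remote locator
    key: Optional[str] = None     # sub-field: vault #fragment, op last segment, aws+sm ?field=
    options: Dict[str, str] = field(default_factory=dict)


def parse_ref(ref: str) -> SecretRef:
    """Split a provider URI into its parts; no secret material is touched here."""
    scheme, sep, rest = ref.partition(":")
    if not sep or not rest:
        raise ValueError(f"not a secret reference: {ref!r}")
    if scheme in LOCAL_PROVIDERS:
        # Everything after the first colon is the name, path or command; a
        # shell-quoted cmd:"..." reaches the CLI with the quotes already removed.
        return SecretRef(scheme, rest)
    if scheme not in REMOTE_PROVIDERS:
        raise ValueError(f"unknown secret provider: {scheme!r}")
    url = urlsplit(ref)
    locator = url.netloc + url.path       # e.g. "secret/data/my-app" or "/prod/api-key"
    if scheme == "vault":
        return SecretRef(scheme, locator, url.fragment or None)   # #key selects one KV field
    if scheme == "op":
        parts = locator.strip("/").split("/")
        if len(parts) != 3:
            raise ValueError("op:// references are vault-name/item-name/field")
        return SecretRef(scheme, "/".join(parts[:2]), parts[2])
    if scheme == "aws+sm":
        opts = {k: v[-1] for k, v in parse_qs(url.query).items()}
        unknown = set(opts) - AWS_SM_OPTIONS
        if unknown:  # example's own choice: refuse options the page does not document
            raise ValueError(f"unsupported aws+sm option(s): {sorted(unknown)}")
        return SecretRef(scheme, locator, opts.pop("field", None), opts)
    # aws+ps: netloc is empty after "aws+ps://", so the third slash starts the
    # parameter name and "/prod/api-key" keeps its leading slash.
    return SecretRef(scheme, locator)


def resolve(ref: SecretRef) -> str:
    """Return the plaintext for a host-local reference."""
    if ref.provider == "env":
        value = os.environ.get(ref.resource)
        if value is None:
            raise LookupError(f"environment variable {ref.resource} is not set")
        return value
    if ref.provider == "file":
        mode = stat.S_IMODE(os.stat(ref.resource).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            # Example's own check: a group- or world-readable secret file is a finding.
            raise PermissionError(f"{ref.resource} is readable by others (mode {mode:o})")
        with open(ref.resource, encoding="utf-8") as fh:
            return fh.read()
    if ref.provider == "cmd":
        # Runs on the host with the invoking user's privileges; stdout is returned
        # verbatim (the page does not say whether trailing newlines are trimmed).
        done = subprocess.run(ref.resource, shell=True, check=True,
                              capture_output=True, text=True)
        return done.stdout
    raise NotImplementedError(f"{ref.provider}: remote providers are not resolved offline")


def demo() -> Dict[str, str]:
    """Exercise the three local providers with constructed values."""
    os.environ["DEPLOY_TOKEN"] = "env-token-example"
    with tempfile.NamedTemporaryFile("w", suffix=".txt", delete=False) as fh:
        fh.write("file-token-example")
        path = fh.name
    os.chmod(path, 0o600)
    try:
        return {
            "env": resolve(parse_ref("env:DEPLOY_TOKEN")),
            "file": resolve(parse_ref(f"file:{path}")),
            "cmd": resolve(parse_ref("cmd:printf %s cmd-token-example")),  # printf: no newline
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for uri in ("vault://secret/data/my-app#token", "op://vault-name/item-name/field",
                "aws+sm://prod/database?field=password&region=us-west-2", "aws+ps:///prod/api-key"):
        print(uri, "->", parse_ref(uri))
    for name, value in demo().items():
        print(f"{name}: resolved {len(value)} characters")   # never print the value itself
```

Running the module prints the parsed structure of the four remote references and, for the three local ones, only the length of what was resolved; the plaintext itself is never written to the terminal.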

Safeguards

Dagger applies three safeguards so that secret plaintext does not leak:

  • Logs: Secret values are redacted from all output
  • Filesystem: Secrets are never written into container layers
  • Cache: Secret values never enter cache keys

These guarantees hold even when a workflow fails or crashes part-way through.
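What the Logs safeguard has to do in practice, as an added example that is not Dagger's implementation: a scrubber that registers the plaintext of every secret resolved during a run and masks it in all output. It handles two cases a naive replace() loop gets wrong, a secret that is a substring of another secret and values too short to mask safely. The minimum length and the URL- and JSON-encoded variants are assumed policy choices for this example; the log lines and secret values are constructed.

```python
"""Log scrubbing of the kind the Logs safeguard describes.

Added example, not Dagger's implementation. Every secret value resolved during a
run is registered with the Redactor, and all output passes through scrub()
before it is shown.
"""
import json
import re
from typing import Iterable, List, Optional
from urllib.parse import quote

MIN_LEN = 4   # assumed policy: masking 1-3 character values would riddle ordinary text
MASK = "***"


class Redactor:
    def __init__(self, secrets: Iterable[str]) -> None:
        needles = set()
        for value in secrets:
            if len(value) < MIN_LEN:
                continue
            needles.add(value)
            # Assumed policy: also mask the forms a value takes once it lands in a
            # URL query string or a JSON body, which is where it usually leaks.
            needles.add(quote(value, safe=""))
            needles.add(json.dumps(value)[1:-1])
        # Regex alternation takes the first alternative that matches at a position,
        # so sort longest first: otherwise "9f8e7d6c" would fire inside
        # "token-prod-9f8e7d6c" and leave "token-prod-***" in the log.
        ordered = sorted(needles, key=len, reverse=True)
        self._pattern: Optional[re.Pattern] = (
            re.compile("|".join(re.escape(n) for n in ordered)) if ordered else None
        )

    def scrub(self, text: str) -> str:
        """Return text with every registered secret replaced by MASK."""
        if self._pattern is None:
            return text
        return self._pattern.sub(MASK, text)


def scrub_lines(lines: Iterable[str], secrets: Iterable[str]) -> List[str]:
    """Scrub a batch of log lines with one Redactor."""
    redactor = Redactor(secrets)
    return [redactor.scrub(line) for line in lines]


# Constructed secrets and log lines for the demonstration.
SECRETS = ["env-token-example", "p@ss word!", "token-prod-9f8e7d6c", "9f8e7d6c", "ab"]
SAMPLE_LOG = [
    "deploy: POST /v1/release?token=env-token-example",
    "login: GET /session?pw=p%40ss%20word%21",
    'debug: body {"password": "p@ss word!", "env": "prod"}',
    "warn: retrying with token-prod-9f8e7d6c",
    "info: ab is not a secret worth masking",
]

if __name__ == "__main__":
    for line in scrub_lines(SAMPLE_LOG, SECRETS):
        print(line)
```

The URL-encoded line is caught only because the encoded form was registered alongside the raw value; a scrubber that masks the exact plaintext alone would let that line through, which is why the list of variants to register is a policy decision worth writing down.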