Releases: sst/sst
v3.17.3
v3.17.2
v3.17.0
Breaking Changes in `sst.aws.Service` and `sst.aws.Task`
Previously, when linking components to a `Service` or `Task`, SST passed the linking data into the container as Docker build arguments. This can be insecure when the linking data includes sensitive values, such as passwords for `Postgres` or `Redis` components, since build arguments can be exposed in build logs.
Starting from v3.17.0, SST now passes linking data using Docker secrets, which are not exposed in logs, providing a more secure mechanism for handling sensitive values.
How to Migrate
This only affects you if your `Dockerfile` needs access to linked resources during build time.
To migrate your `Dockerfile` to use Docker secrets:
- Remove all `ARG SST_RESOURCE_<resource_name>` declarations from your `Dockerfile`.
- Update your build command to mount secrets, like so:

  ```diff
  - RUN npm run build
  + RUN --mount=type=secret,id=SST_RESOURCE_<resource_name>,env=SST_RESOURCE_<resource_name> npm run build
  ```

- Deploy the changes.
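A pre-deploy check for the migration steps above, written as an added example (it is not part of SST or of these release notes): it scans a Dockerfile for leftover `ARG SST_RESOURCE_*` declarations and for secret mounts that omit `env=`, in which case Docker exposes the secret only as a file under `/run/secrets/` rather than as an environment variable. The function names, finding labels and the sample Dockerfile with its resource names are assumptions made for the illustration.

```python
import re

# Instruction keyword is case-insensitive in Dockerfiles; the variable name is not.
ARG_RE = re.compile(r"^(?i:ARG)\s+(SST_RESOURCE_\w+)")
MOUNT_RE = re.compile(r"--mount=(\S+)")

def logical_lines(text):
    """Yield (first_line_number, instruction) with backslash continuations joined."""
    buf, start = "", 0
    for n, raw in enumerate(text.splitlines(), 1):
        if not buf:
            start = n
        line = raw.rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        buf += line
        if buf.strip() and not buf.lstrip().startswith("#"):
            yield start, buf.strip()
        buf = ""

def check_dockerfile(text):
    """Return (line, kind, name) findings for the v3.17.0 migration."""
    findings = []
    for lineno, instr in logical_lines(text):
        arg = ARG_RE.match(instr)
        if arg:  # linked value still expected as a build argument
            findings.append((lineno, "build-arg", arg.group(1)))
            continue
        if not instr.upper().startswith("RUN"):
            continue
        for spec in MOUNT_RE.findall(instr):
            opts = dict(kv.split("=", 1) for kv in spec.split(",") if "=" in kv)
            sid = opts.get("id", "")
            if opts.get("type") == "secret" and sid.startswith("SST_RESOURCE_") \
                    and "env" not in opts:  # mounted as a file only
                findings.append((lineno, "secret-not-in-env", sid))
    return findings

# Constructed sample Dockerfile; resource names are made up.
SAMPLE = r"""FROM node:22
ARG SST_RESOURCE_MyPostgres
RUN --mount=type=secret,id=SST_RESOURCE_MyRedis \
    npm run build
RUN --mount=type=secret,id=SST_RESOURCE_MyPostgres,env=SST_RESOURCE_MyPostgres npm run build
"""

if __name__ == "__main__":
    for finding in check_dockerfile(SAMPLE):
        print(finding)
```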