This message was deleted.

I've done this before, but I can't find any of my own examples at the moment, but you'd probably need to do a custom Docker image with a Template (https://docs.bentoml.org/en/latest/guides/containerization.html#dockerfile-template) and use a

secret

type mount to pass in a pip.conf file: https://towardsdatascience.com/secure-your-docker-images-with-docker-secrets-f2b92ec398a0

yeah that is the conclusion I was just coming to. I tried passing a build-arg just now but it does not seem to make it all the way down into

install.sh

to be useful

most welcome!

Hi there, for private index you can pass it directly to

bentofile.yaml

https://docs.bentoml.org/en/latest/concepts/bento.html#pip-install-options And for crendentials mounting you probably will need to have a custom docker template that use

--mount=type=secret

for best security practice Note that during containerize you can pass that secret id via

--opt

bentoml containerize --opt secret=id=credentials,src=/path/to/cred ...

yeah my understanding here is that the whole bentofile would need to basically be a secret, it’s just not really compatible with the way our build processes work today. I was able to get a template which adds a build arg to the Dockerfile to address this (which is how I ran into the other issue I posted about)