diff --git a/website/content/docs/security.mdx b/website/content/docs/security.mdx index 0f6dc23..d8280de 100644 --- a/website/content/docs/security.mdx +++ b/website/content/docs/security.mdx @@ -79,6 +79,8 @@ For genuinely hostile code (anonymous user-submitted source, AI-agent-generated Avoid putting API keys in `env`. Avoid putting them in `entrypoint`. Avoid putting them in `dir` (they would be tarred into the seed archive and visible to anyone with access to the volume). +**Never put a secret in a `run[]`/`setup` build step.** Those compile into `RUN` instructions and are baked permanently into the cached image layer (`light-runner-cache:`); cache TTL eviction removes the image on a schedule but never scrubs the secret from a layer that already exists or that was pushed elsewhere. If a build step needs a credential (a private registry, an authenticated download), pass it at run time via `input` or a mounted file instead. + ## Hardening recipes ### Air-gapped run (no network, untrusted source code)
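Review bot: The last sentence of the added paragraph ("If a build step needs a credential ... pass it at run time via `input` or a mounted file instead") does not resolve the case it raises. A `run[]`/`setup` step executes at build time, so a value delivered at run time cannot reach it. The text should say outright that the authenticated work (private registry pull, authenticated download) has to move out of the build step into the run phase, or state that no build-time secret mechanism is supported. Two smaller points on the same paragraph: it says eviction "never scrubs the secret from a layer that already exists or that was pushed elsewhere" but gives no remediation, so add that a credential already baked into a layer must be rotated; and `light-runner-cache:` ends in a bare colon, which reads as a truncated tag, so either show the tag pattern or drop the colon. The "Never" wording is also stronger than the "Avoid" used for `env`, `entrypoint` and `dir` in the context line just above; if the difference in severity is intended, a short clause saying why would help.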