From 10295e665eee246866496734a1519a5f9996acf1 Mon Sep 17 00:00:00 2001
From: enixCode <58286681+enixCode@users.noreply.github.com>
Date: Thu, 4 Jun 2026 22:05:41 +0200
Subject: [PATCH] docs(security): warn against secrets in run[]/setup build
 steps

A secret in a run[]/setup step is compiled into a RUN instruction and baked
into the cached image layer; cache TTL eviction never scrubs it. Document
passing build-time credentials via input or a mounted file instead (S3).

build with cc
---
 website/content/docs/security.mdx | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/website/content/docs/security.mdx b/website/content/docs/security.mdx
index 0f6dc23..d8280de 100644
--- a/website/content/docs/security.mdx
+++ b/website/content/docs/security.mdx
@@ -79,6 +79,8 @@ For genuinely hostile code (anonymous user-submitted source, AI-agent-generated
 
 Avoid putting API keys in `env`. Avoid putting them in `entrypoint`. Avoid putting them in `dir` (they would be tarred into the seed archive and visible to anyone with access to the volume).
 
+**Never put a secret in a `run[]`/`setup` build step.** Those compile into `RUN` instructions and are baked permanently into the cached image layer (`light-runner-cache:<sha>`); cache TTL eviction removes the image on a schedule but never scrubs the secret from a layer that already exists or that was pushed elsewhere. If a build step needs a credential (a private registry, an authenticated download), pass it at run time via `input` or a mounted file instead.
+
 ## Hardening recipes
 
 ### Air-gapped run (no network, untrusted source code)