From d60df21dda179cd88e4d87f7e95047b659ce6286 Mon Sep 17 00:00:00 2001
From: Emanuel Fernandes <efernandes@tektorque.com>
Date: Sun, 13 Feb 2022 20:10:52 +0000
Subject: [PATCH] Add an example of accessing the secrets file without root
 permissions

---
 docs/advanced/secrets.md | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

diff --git a/docs/advanced/secrets.md b/docs/advanced/secrets.md
index d7dc54f..9923ac8 100644
--- a/docs/advanced/secrets.md
+++ b/docs/advanced/secrets.md
@@ -13,6 +13,23 @@ RUN --mount=type=secret,id=github_token \
   cat /run/secrets/github_token
 ```
 
+If you need access to the `secrets` file from a non-root user, you'll need to set the `uid` in the `--mount` argument:
+
+```Dockerfile
+#syntax=docker/dockerfile:1.2
+
+FROM alpine
+
+# Create non-root user
+RUN addgroup -S newuser && adduser -u 1001 -S -g newuser newuser
+
+# Run everything after as non-privileged user.
+USER newuser
+
+RUN --mount=type=secret,uid=1001,id=github_token \
+  cat /run/secrets/github_token
+```
+
 As you can see we have named our secret `github_token`. Here is the workflow you can use to expose this secret using
 the [`secrets` input](../../README.md#inputs):