When using --mount=type=secret,env=... it should be possible to select the environment variable behaviour if the secret is not present #6498

@jonathanrainer

Description

At the moment when using --mount=type=secret,env=... in Dockerfiles, the behaviour is that if a secret is not present then the environment variable is set but set to the empty string.

This causes issues for processes that work based on the presence of environment variables. For example, in Cargo, setting an environment variable like CARGO_REGISTRIES_.... will override that option in the credentials.toml file. As such you have to resort to a workaround where you write the secret to a file and then set the value from that, if such a value exists, which diminishes the power of the env key.

It would be infinitely preferable if it were possible to set a new key-value pair in the mount options that allowed you to configure the behaviour if the secret didn't exist. For example, missing=unset|empty, where empty is the current default. Obviously this would need to be mutually exclusive with required. I know there was some discussion on this in #2122 but it would be good to see if we could get this to work too.

If this sounds like a sensible idea I'm happy to submit a PR, looking forward to the feedback!
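
The file-based workaround the issue describes can be sketched as follows. This is an added example, not the issue author's code and not part of BuildKit. The helper name `with_optional_secret`, the variable `DEMO_TOKEN` and the secret id `demo_token` are hypothetical, and treating an empty secret file the same as a missing one is an assumption of this sketch.

```shell
#!/bin/sh
# Added illustration: run a command with VAR_NAME set from a secret file,
# or with VAR_NAME truly unset (not empty) when the secret is absent.
#
# Intended use in a RUN step that mounts the secret as a file rather than
# via env=... (id and variable name are constructed for this example):
#   RUN --mount=type=secret,id=demo_token \
#       with_optional_secret DEMO_TOKEN /run/secrets/demo_token -- some-build-command
#
# Usage: with_optional_secret VAR_NAME SECRET_FILE -- command [args...]
# The body is a subshell, so nothing leaks into the caller's environment.
with_optional_secret() (
    if [ "$#" -lt 3 ]; then
        echo "usage: with_optional_secret VAR FILE -- cmd [args...]" >&2
        exit 2
    fi
    var_name=$1
    secret_file=$2
    shift 2
    if [ "$1" = "--" ]; then shift; fi

    # Only accept a valid shell identifier as the variable name.
    case $var_name in
        ''|[0-9]*|*[!A-Za-z0-9_]*)
            echo "invalid variable name: $var_name" >&2
            exit 2 ;;
    esac

    if [ -s "$secret_file" ]; then
        # Secret present and non-empty: export it for this command only.
        # Using export (not `env VAR=value cmd`) keeps the value out of argv.
        secret_value=$(cat "$secret_file") || exit 1
        export "$var_name=$secret_value"
    else
        # Secret missing or empty: remove the variable entirely so tools
        # that test for its presence fall back to their own configuration.
        unset "$var_name"
    fi
    "$@"
)
```
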
