#How to access secrets from dockerfile

According to the documentation there is a secrets parameter in the build method.

Here is a simple example using python sdk:

import sys

import anyio

import dagger


async def test():
    async with dagger.Connection(dagger.Config(log_output=sys.stderr)) as client:

        src = client.host().directory(".")

        secret_token = client.set_secret("ghApiToken", "TOKEN")

        image = await client.container().build(context=src, dockerfile="./Dockerfile", secrets=[secret_token])

        image = image.with_exec(["env"])

        out = await image.stdout()

        print(out)

if __name__ == "__main__":
    anyio.run(test)

How can i access the secret from the Dockerfile?

Normally using buildkit secrets it would look something like:

RUN 
Learn more about the "RUN " Dockerfile command.
--mount=type=secret,id=github_token \
  cat /run/secrets/github_token

Obviusly that approach does not work. However the secret it isn't in the environment variables or in /run/secrets/ folder. How does it work exactly?

Found this PR https://github.com/dagger/dagger/pull/4971 which addresses this change, maybe some doc on this behaviour would be nice to have