There doesn't seem to be any way to pass build-time secrets when using envbuilder, leaving me with no straight-forward option to include any Dockerfile with commands similar to:

RUN --mount=type=secret,id=test-token poetry config http-basic.test-token-pypi gitlab-ci-token $(cat /run/secrets/test-token)

I'd be willing to drop a patch for this, but I'm curious to hear opinions on whether or not this is something envbuilder can support without violating its design principles.