Passing Gradle credentials into Jenkins `dockerfile` agent?

Submitted by: @import:stackexchange-devops

Problem

I am looking at getting a newly provisioned Jenkins to run an existing dockerfile which does a gradle build and produces a runtime image which is then to be pushed to our internal docker repository.

I have the following so far:

pipeline {
    agent {
        // https://www.jenkins.io/doc/book/pipeline/docker/#dockerfile
        dockerfile {
            // https://www.jenkins.io/doc/book/pipeline/syntax/#agent-parameters
            additionalBuildArgs  "--build-arg 'GIT_REPO=(git remote -v | head -1)' " +
                    "--build-arg 'JENKINS_BRANCH=$BRANCH_NAME' " +
                    "--build-arg 'JENKINS_BUILD_URL=$BUILD_URL' " +
                    "--build-arg 'GIT_SHA=(git rev-parse HEAD)' " +
                    "--build-arg 'ORG_GRADLE_PROJECT_artifactoryUsername=setnow' " +
                    "--build-arg 'ORG_GRADLE_PROJECT_artifactoryPassword=setnow'"
            registryCredentialsId "svc-artifactory"
            label 'set by us'

        }
    }


and I would like to provide the proper credential to the gradle build inside by setting the ORG_GRADLE_PROJECT_* variables. The credential to be used is "svc-artifactory" for this as well.

How am I to approach this?

(The GIT_* arguments are disabled shell commands I'm coming back to afterwards. Hints appreciated)

Solution

I would suggest using Docker secrets with the mount command.

RUN --mount=type=secret,id=secret_name myVariable=$(cat /run/secrets/secret_name) && $command


After that, use the withCredentials function and parse the secret ID to a variable.

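withCredentials([string(credentialsId: 'jenkinsSecretName', variable: 'mySecretENV')]) {
  // --secret requires BuildKit. Single quotes keep Groovy from interpolating anything;
  // docker reads the value itself from the environment variable named after env=.
  sh 'docker build -f Dockerfile --secret id=secret_name,env=mySecretENV .'
}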


Please be aware that a Docker secret is available only in the specific layer where it is defined, and you will not be able to access it in another layer later.
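The approach above applied to the question's two Gradle properties, as an added example that is not part of the original answer. It assumes `svc-artifactory` is a username/password credential; the secret ids `artifactory_user` and `artifactory_password`, the variable names `ARTIFACTORY_USER` and `ARTIFACTORY_PASSWORD`, and the image tag `myapp:build` are made up for illustration.

```groovy
// Added example. Assumed names: secret ids artifactory_user / artifactory_password,
// env variables ARTIFACTORY_USER / ARTIFACTORY_PASSWORD, image tag myapp:build.
//
// Dockerfile side (BuildKit). The secrets are mounted for this RUN only, and the
// ORG_GRADLE_PROJECT_* variables exist only in the environment of the gradle process:
//
//   # syntax=docker/dockerfile:1
//   RUN --mount=type=secret,id=artifactory_user \
//       --mount=type=secret,id=artifactory_password \
//       ORG_GRADLE_PROJECT_artifactoryUsername="$(cat /run/secrets/artifactory_user)" \
//       ORG_GRADLE_PROJECT_artifactoryPassword="$(cat /run/secrets/artifactory_password)" \
//       gradle build
//
// Jenkinsfile side. The image is built in an explicit step instead of the
// `dockerfile` agent, so that withCredentials can wrap the docker build call.
pipeline {
    agent { label 'set by us' }
    stages {
        stage('Build image') {
            steps {
                // Assumption: 'svc-artifactory' is stored as a username/password credential.
                withCredentials([usernamePassword(credentialsId: 'svc-artifactory',
                                                  usernameVariable: 'ARTIFACTORY_USER',
                                                  passwordVariable: 'ARTIFACTORY_PASSWORD')]) {
                    // Single-quoted Groovy string: nothing is interpolated by Groovy.
                    // env= names the variable; docker reads its value from the environment.
                    sh '''
                        DOCKER_BUILDKIT=1 docker build -f Dockerfile \
                          --secret id=artifactory_user,env=ARTIFACTORY_USER \
                          --secret id=artifactory_password,env=ARTIFACTORY_PASSWORD \
                          -t myapp:build .
                    '''
                }
            }
        }
    }
}
```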

Context

StackExchange DevOps Q#17063, answer score: 2
