How to do cloud login from docker using env variables

I am trying to log in to Prefect Cloud from a docker container. If I hardcode my key and workspace in my dockerfile or in the script I’m running as entrypoint I can login fine. But if I pass these in as either ARG or ENV values I can’t.

# Dockerfile

FROM prefecthq/prefect:2.7.10-python3.10


# Install poetry
RUN pip install --upgrade pip
RUN pip install poetry

# Copy the project to image
COPY /src /opt/my-project/src
COPY pyproject.toml poetry.lock /opt/my-project/
WORKDIR /opt/my-project

# Install packages in the system Python
RUN poetry config virtualenvs.create false
RUN poetry config virtualenvs.prefer-active-python true
RUN poetry install --no-dev
RUN prefect cloud login -k <PREFECT_API_KEY> -w <PREFECT_API_WORKSPACE>

# ./

echo 'Deploying flows...'
cd src
prefect deployment apply my_first-deployment.yaml
prefect deployment apply my_second-deployment.yaml
cd ..

exec /opt/prefect/ "$@"

It doesn’t seem to matter whether I pass the variables in at the build stage as --build-arg or at run stage with --env-file or whether I do the cloud login in the dockerfile or in If it’s hardcoded, it’s fine. If it’s passed in as a variable it doesn’t work.

If the login attempt is in the dockerfile, the terminal output looks the same whether using a variable or hardcoded, but I am only actually logged in if hardcoded. If I do it in the, the login attempt passing in a variable is followed by a message “This profile is already authenticated with that key.” but it isn’t logged in and the deployments do not appear on the cloud. The login attempt with hardcoded values gets “Authenticated with Prefect Cloud! Using workspace ” and the deployments are made as intended.

I can’t understand it. I don’t want to be hardcoding my API key.