Internal Secrets

Example YAML configuration for a project that requires secrets to be used within a step.

Scenario

The user wants to create a pipeline that injects configuration that cannot be placed in a YAML file. A simple example is producing a Docker image with a username and password.

tip

It is assumed you have created secrets docker_username and docker_password in the web interface or CLI.

warning

Internal secrets do NOT have the pull_request event enabled by default. This is intentional to help mitigate exposure via a pull request against the repo. You can override this behavior, at your own risk, for each secret.

The examples show a pipeline using repo secrets. Vela contains three secret types: repo, org, and shared. Please see the secret concepts documentation.

Steps

The following pipeline concepts are being used in the pipeline below:

The following Vela plugins are being used in the pipeline below:

tip

The pipeline must be stored in the base of the repository as .vela.yml or .vela.yaml.

It is recommended to pin image: versions for production pipelines.

version: "1"

steps:
  - name: publish hello world
    image: target/vela-docker:latest
    pull: always
    secrets: [ docker_username, docker_password ]
    parameters:
      registry: index.docker.io
      repo: index.docker.io/vela/hello-world

secrets:
  - name: docker_username
    key: vela/hello-world/docker_username
    engine: native
    type: repo

  - name: docker_password
    key: vela/hello-world/docker_password
    engine: native
    type: repo

Stages

The following pipeline concepts are being used in the pipeline below:

The following Vela plugins are being used in the pipeline below:

tip

The pipeline must be stored in the base of the repository as .vela.yml or .vela.yaml.

It is recommended to pin image: versions for production pipelines.

version: "1"

stages:
  docker:
    steps:
      - name: publish hello world
        image: target/vela-docker:latest
        pull: always
        secrets: [ docker_username, docker_password ]
        parameters:
          registry: index.docker.io
          repo: index.docker.io/vela/hello-world

secrets:
  - name: docker_username
    key: vela/hello-world/docker_username
    engine: native
    type: repo

  - name: docker_password
    key: vela/hello-world/docker_password
    engine: native
    type: repo
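
One way to review pipelines like the two above before they run with secrets, as an added example that is not Vela's own code: it flags steps that receive secrets while using an unpinned image, and secrets a step references that the secrets block does not declare. It assumes the .vela.yml has already been parsed into a dict by a YAML loader; the names lint, iter_steps and is_pinned are hypothetical, and the sample input is constructed.

```python
# Added example: lint a parsed Vela pipeline in either the steps or stages layout.

def iter_steps(pipeline):
    """Yield every step from a top-level 'steps' list and from each stage."""
    yield from pipeline.get("steps", [])
    for stage in pipeline.get("stages", {}).values():
        yield from stage.get("steps", [])

def is_pinned(image):
    """True if the image has a digest or an explicit tag other than 'latest'."""
    if "@sha256:" in image:
        return True
    last = image.rsplit("/", 1)[-1]   # skip any ':' in a registry host:port
    if ":" not in last:
        return False                  # no tag resolves to the implicit 'latest'
    return last.rsplit(":", 1)[1] != "latest"

def lint(pipeline):
    """Return findings for every step that is handed secrets."""
    declared = {s["name"] for s in pipeline.get("secrets", [])}
    findings = []
    for step in iter_steps(pipeline):
        used = step.get("secrets", [])
        if not used:
            continue                  # only steps that receive secrets are in scope
        for name in used:
            if name not in declared:
                findings.append(f"{step['name']}: secret '{name}' is not declared")
        if not is_pinned(step["image"]):
            findings.append(f"{step['name']}: image '{step['image']}' is not pinned")
    return findings

# Constructed sample: the stages pipeline from the page, with the
# docker_password declaration deliberately left out.
SAMPLE = {
    "version": "1",
    "stages": {"docker": {"steps": [{
        "name": "publish hello world",
        "image": "target/vela-docker:latest",
        "secrets": ["docker_username", "docker_password"],
    }]}},
    "secrets": [{"name": "docker_username", "key": "vela/hello-world/docker_username",
                 "engine": "native", "type": "repo"}],
}

if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(finding)
```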