Secrets

Learn about internal Vela secrets.

This page will primarily focus on internal secrets. Check out external secrets examples. To learn how to use internal or external secrets in your pipeline, check out the secrets tour.

Internal Secrets

Internal secrets are generally managed via the UI or the CLI. They can also be managed via the API.

A full pipeline example is available here

Example pipeline yaml block for internal secrets

secrets:
  - name: foo1
    key: github/ocotocat/foo
    engine: native
    type: repo

Name

The name of your secret.

Key

The key is autogenerated based on the other secret components, following this convention (see Type).

  • Repository: <org>/<repo>/<name>
  • Organization: <org>/<name>
  • Shared: <org>/<team>/<name>

Engine

The native secret engine is designed to store secrets in the database. This component exists for configuration future-proofing; allowing easier expansion for additional options in the future.

Type

There are three types of internal secrets, with equivalent example paths for the UI:

  • Repository - https://vela.example.com/-/secrets/native/repo/<org>/<repo>
  • Organization - https://vela.example.com/-/secrets/native/org/<org>
  • Shared - https://vela.example.com/-/secrets/native/shared/<org>/<team>

Repository

Repository secrets are scoped to only a single repository. In order to create/modify these secrets you must be a repository admin within the source code manager.

Example yaml block for repository secret type

secrets:
  - name: foo1
    key: github/ocotocat/foo1
    engine: native
    type: repo

Organization

Organization secrets are scoped to any repository in the organization. In order to create/modify these secrets you must be an organization admin within the source code manager.

Example yaml block for organization secret type

secrets:
  - name: foo
    key: github/foo
    engine: native
    type: org

Shared

Shared secrets are scoped to any repository in the source code manager (SCM). Shared secrets are unique in the case they require a team to exist in your SCM org. In order to create/modify these secrets you must be a member of the SCM team.

Example yaml block for shared secret type

secrets:
  - name: foo
    key: github/ocotokitties/foo
    engine: native
    type: shared