Drone secrets are exposed to a build iff the
.drone.yml signature can be verified. When signature verification fails the below message is displayed.
WARNING: unable to verify the Yaml signature
The above warning is the usually the result of updates to the
.drone.yml file causing the signature to fail. You should therefore update the signature every time you update the Yaml file.
drone sign octocat/hello-world
Commit the updated signature to your GitHub repository:
git add .drone.yml.sig git commit -m "updated yaml signature"