Version 1.0.0

External Secrets

External secrets are stored in a third-party system, such as Vault or the AWS Secrets Manager, and are requested at runtime. To use external secrets, your Drone system administrator must install and configure a secret plugin.

Vault Example

For demonstration purposes, let’s assume we have installed the Vault secret plugin and we would like to access our Docker username and password.

[Figure: vault_secret_info-1.png]

The external secret resource is defined in the YAML configuration file. Notice that we include the path to the secret and the name (key) of the value we want to retrieve:

---
kind: secret

external_data:
  username:
    path: secrets/data/docker
    name: username
  password:
    path: secrets/data/docker
    name: password
...

We can then reference the secrets in our Pipeline configuration:

kind: pipeline
name: default

steps:
- name: build
  image: alpine
  environment:
    USERNAME:
      from_secret: username
    PASSWORD:
      from_secret: password

---
kind: secret

external_data:
  username:
    path: secrets/data/docker
    name: username
  password:
    path: secrets/data/docker
    name: password
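
The lookup described above, as an added example that is not Drone's or the Vault plugin's code: `path` selects the Vault entry, `name` selects one key inside it, and a `from_secret` reference that cannot be resolved fails closed instead of yielding an empty variable. It assumes a KV version 2 mount (suggested by the `data/` segment in the path); the Vault response, the sample values and the function names are constructed for illustration.

```python
import json

# Constructed sample of a Vault read of secrets/data/docker (assumption: KV v2 mount).
VAULT_RESPONSES = {
    "secrets/data/docker": json.loads(
        '{"data": {"data": {"username": "example-user", "password": "example-only"},'
        ' "metadata": {"version": 3}}}'),
}

# The page's two YAML documents, written as the dicts a YAML parser would produce.
SECRET_DOC = {"kind": "secret", "external_data": {
    "username": {"path": "secrets/data/docker", "name": "username"},
    "password": {"path": "secrets/data/docker", "name": "password"},
}}
PIPELINE_DOC = {"kind": "pipeline", "name": "default", "steps": [
    {"name": "build", "image": "alpine", "environment": {
        "USERNAME": {"from_secret": "username"},
        "PASSWORD": {"from_secret": "password"},
    }},
]}


def resolve(secret_doc, secret_name, responses):
    """Map a secret name to its value: path picks the entry, name picks the key."""
    ref = secret_doc["external_data"].get(secret_name)
    if ref is None:
        raise KeyError(f"secret {secret_name!r} is not defined in external_data")
    body = responses.get(ref["path"])
    if body is None:
        raise KeyError(f"no Vault entry at path {ref['path']!r}")
    fields = body["data"]["data"]  # KV v2 nests the key/value pairs under data.data
    if ref["name"] not in fields:
        raise KeyError(f"key {ref['name']!r} missing at {ref['path']!r}")
    return fields[ref["name"]]

def step_environment(pipeline_doc, secret_doc, responses):
    """Return {step: {VAR: value}}; raise if any from_secret cannot be resolved."""
    out = {}
    for step in pipeline_doc["steps"]:
        env = {}
        for var, value in step.get("environment", {}).items():
            if isinstance(value, dict) and "from_secret" in value:
                value = resolve(secret_doc, value["from_secret"], responses)
            env[var] = value
        out[step["name"]] = env
    return out

if __name__ == "__main__":
    # Print the variable names only, never the resolved values.
    print(sorted(step_environment(PIPELINE_DOC, SECRET_DOC, VAULT_RESPONSES)["build"]))
```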
