Secrets
This page shows how to store and access sensitive data such as API keys, passwords, certificates and SSH keys.
Overview
Secrets are organization-level objects that contain environment variables and files. The contents of a secret can be accessed in jobs that belong to blocks or pipelines to which the secret has been connected.
Using secrets in jobs
Web UI
- Open the project page.
- Click the Edit Workflow button.
- Select the block to which you want to connect the secret.
- Find the Secrets section in the right sidebar.
- Check the secret that needs to be connected.
- Click the Run the workflow button and then Start.
YAML
To connect a secret to a particular block, add the secrets property to the block's task, as in this example:
version: v1.0
name: My blue project
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804
blocks:
  - name: Test
    task:
      # Connect secret to all jobs in the block
      secrets:
        - name: blue-secret
      jobs:
        - name: Run tests
          commands:
            - checkout
            - make test
To connect a secret to all jobs in the pipeline, use global_job_config, as in this example:
version: v1.0
name: My blue project
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804
global_job_config:
  # Connect secret to all jobs in the pipeline
  secrets:
    - name: blue-secret
blocks:
  ...
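The two forms above differ in reach: a secret under a block's task is available to that block's jobs, while one under global_job_config is available to every job in the pipeline. The Python sketch below is an added example, not part of the Semaphore documentation or tooling; it scans a pipeline file laid out like the ones above and reports the scope of each connected secret so that pipeline-wide attachments can be reviewed. The sample pipeline, its Deploy block and the function name secret_scopes are constructed for illustration, and the scanner assumes block-style YAML in which a block's name appears before its task.

```python
import re

# Constructed sample (not from the page); the Deploy block is hypothetical.
SAMPLE = """\
global_job_config:
  secrets:
    - name: blue-secret
blocks:
  - name: Test
    task:
      jobs:
        - name: Run tests
          commands:
            - make test
  - name: Deploy
    task:
      secrets:
        - name: red-secrets
      jobs:
        - name: Ship
          commands:
            - make deploy
"""

def secret_scopes(text):
    """Return (scope, secret) pairs; scope is 'pipeline' or 'block:<name>'."""
    stack, block, found = [], None, []   # stack: (indent, key) of open mappings
    for raw in text.splitlines():
        body = raw.lstrip(" ")
        if not body or body.startswith("#"):
            continue                     # skip blank and comment-only lines
        indent = len(raw) - len(body)
        if body.startswith("- "):        # list item: its keys sit two columns in
            indent, body = indent + 2, body[2:]
        while stack and stack[-1][0] >= indent:
            stack.pop()                  # close mappings we have dedented out of
        m = re.match(r"([\w-]+):\s*(.*)$", body)
        if not m:
            continue                     # plain scalar, e.g. a shell command
        key, value = m.group(1), m.group(2).strip().strip("'\"")
        path = [k for _, k in stack]
        if key == "name" and path == ["blocks"]:
            block = value                # remember which block we are inside
        elif key == "name" and path[-1:] == ["secrets"]:
            scope = "pipeline" if path[0] == "global_job_config" else f"block:{block}"
            found.append((scope, value))
        if not value:
            stack.append((indent, key))  # key opens a nested mapping or list
    return found
```

On the sample, secret_scopes(SAMPLE) returns [('pipeline', 'blue-secret'), ('block:Deploy', 'red-secrets')].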
Creating and managing secrets
Web UI
- Open the dashboard of your organization.
- Click Secrets in the sidebar. Find it in the Configuration section.
- Click the Create New Secret button.
- Enter your secret information:
  - Specify Name
  - Enter environment variable name and value
  - Enter destination file path and upload file
- Click Save Changes
CLI
Use the sem create secret command:
sem create secret blue-secret -e AWS_KEY=a1b2 -e AWS_SECRET=r2d2
To create a secret that also contains a file, use:
sem create secret red-secrets -e AWS_KEY=a1b2 -f /Users/john/key.pem:/home/semaphore/key.pem
To view a secret, use:
sem get secret blue-secret
To edit a secret, use:
sem edit secret blue-secret
For more information about managing secrets, see the sem CLI Reference.