This page shows how to store and access sensitive data such as API keys, passwords, certificates, SSH keys or other sensitive data.
Secrets are organization level objects that contain environment variables and files. Contents of secrets can be accessed in jobs that are part of blocks or pipelines to which the secrets have been connected.
Using secrets in jobs#
Open project page.
Click Edit Workflow button.
Select block to which you want to connect secret.
Find Secrets section in the right sidebar.
Check secret that needs to be connected.
Click Run the workflow button and then Start.
To connect secret to a particular block add secrets property like in example:
version: v1.0 name: My blue project agent: machine: type: e1-standard-2 os_image: ubuntu1804 blocks: - name: Test task: # Connect secret to all jobs in the block secrets: - name: blue-secret jobs: - name: Run tests commands: - checkout - make test
To connect secret to all jobs in the pipeline use global_job_config like in the example:
version: v1.0 name: My blue project agent: machine: type: e1-standard-2 os_image: ubuntu1804 global_job_config: # Connect secret to all jobs in the pipeline secrets: - name: blue-secret blocks: ...
Creating and managing secrets#
Open dashboard of your organization.
Click Secrets in the sidebar. Find it in the Configuration section.
Click Create New Secret button.
Enter your secret information:
- Specify Name
- Enter environment variable name and value
Enter destination file path and upload file
Click Save Changes
Use the sem create secret command:
sem create secret blue-secret -e AWS_KEY=a1b2 -e AWS_SECRET=r2d2
To create secret that also contains a file use:
sem create secret red-secrets -e AWS_KEY=a1b2 -f /Users/john/key.pem:/home/semaphore/key.pem
To view secret use:
sem get secret blue-secret
To edit secret use:
sem edit secret blue-secret
For more information about managing secrets check sem CLI Reference.