This page shows you how to store and access sensitive data such as API keys, passwords, certificates, SSH keys, etc. Semaphore uses "secrets" to accomplish this.
Secrets are organization-level objects that contain environment variables and files. The contents of secrets can be accessed in jobs that are part of blocks or pipelines to which they have been connected.
Using secrets in jobs
Open the project page
Click the Edit Workflow button
Select the block to which you want to connect the secret
Find the Secrets section in the right sidebar
Select the secret that you want to be connected
Click the Run the workflow button and then Start
To connect a secret to a particular block add the secrets property, as shown below:
version: v1.0
name: My blue project
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804
blocks:
  - name: Test
    task:
      # Connect secret to all jobs in the block
      secrets:
        - name: blue-secret
      jobs:
        - name: Run tests
          commands:
            - checkout
            - make test
To connect a secret to all jobs in a pipeline use global_job_config, as shown below:
version: v1.0
name: My blue project
agent:
  machine:
    type: e1-standard-2
    os_image: ubuntu1804
global_job_config:
  # Connect secret to all jobs in the pipeline
  secrets:
    - name: blue-secret
blocks:
  ...
Creating and managing secrets
Open the dashboard of your organization
Click Secrets in the sidebar -- you can find it in the Configuration section
Click the Create New Secret button
Enter your secret information:
- Specify Name
- Enter the environment variable's name and value
- Enter the destination file path and upload the file
Click Save Changes
To create a secret from the command line, use the sem create secret command, as shown below:
sem create secret blue-secret -e AWS_KEY=a1b2 -e AWS_SECRET=r2d2
The same command can also create a secret that contains a file, as shown below:
sem create secret red-secrets -e AWS_KEY=a1b2 -f /Users/john/key.pem:/home/semaphore/key.pem
To view a secret use:
sem get secret blue-secret
To edit a secret use:
sem edit secret blue-secret
For more information about managing secrets check the sem CLI Reference.
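Once a secret is connected, a job can verify that its variables and files actually arrived before using them, without printing any values into the job log. The shell functions below are an added example, not part of Semaphore's documentation or tooling; the function names are hypothetical, and the variable names and file path are the sample values from the sem create secret commands above.

```shell
# Added example: preflight check for a connected secret inside a job.
# AWS_KEY, AWS_SECRET and the key.pem path are this page's sample values.

# Return 0 only if every named variable is set and non-empty.
# Prints names only, never values, so nothing sensitive reaches the log.
check_secret_env() {
  missing=0
  for name in "$@"; do
    # Reject anything that is not a plain variable name before using eval.
    case "$name" in
      ''|*[!A-Za-z0-9_]*)
        echo "invalid variable name" >&2
        return 2
        ;;
    esac
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing secret variable: $name" >&2
      missing=1
    fi
    unset value
  done
  return "$missing"
}

# Return 0 only if the secret file is a non-empty regular file.
# On success the file is restricted to owner read/write (0600).
check_secret_file() {
  path="$1"
  if [ ! -f "$path" ] || [ ! -s "$path" ]; then
    echo "missing or empty secret file: $path" >&2
    return 1
  fi
  chmod 600 "$path"
}

# Check the variables and the file that the job expects from its secrets.
# Example call in a job: preflight /home/semaphore/key.pem
preflight() {
  check_secret_env AWS_KEY AWS_SECRET && check_secret_file "$1"
}
```

Run `preflight /home/semaphore/key.pem` before the first command that needs the credentials; a non-zero status stops the job at that point instead of partway through a deployment step.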