Improve this page on GitHub

Using secrets

Use Kubernetes secrets in Codefresh

Once you have connected Codefresh to your secrets storage, you can use them in any pipeline or GUI screen.

Note: This feature is for Enterprise accounts only.

Using secrets in pipelines

The syntax for using the secret is ${{secrets.NAME_IN_CODEFRESH.KEY}}.

Note that if you did not include the resource-name as a part of your secret store context creation, the syntax for using your secret differs slightly: The syntax is: ${{[email protected]}} The previous KEY portion is now made of two parts separated using @, where the left side is the name of the resource in the namespace, and the right side the key in that resource.

To use the secret in your pipeline, you have two options:

Define it as a pipeline variable:

Secrets Pipeline Variable

Secrets stored in Pipeline Variable

codefresh.yaml

version: '1.0'
steps:
  step:
    type: freestyle
    arguments:
      image: alpine
      commands:
        - echo $SECRET

Or use it directly in your yaml

codefresh.yaml

version: '1.0'
steps:
  step:
    type: freestyle
    arguments:
      image: alpine
      environment:
        - SECRET=${{secrets.test.key1}}
      commands:
        - echo $SECRET

Using secrets in the Codefresh GUI

You can also use secrets in the GUI screens that support them. Currently you can use secrets in:

Where secret integration is supported, click on the lock icon and enable the toggle button. You will get a list of your connected secrets:

Using external secrets in shared configuration values

Using external secrets in shared configuration values

If you have already specified the resource field during secret definition the just enter on the text field the name of the secret directly, i.e. my-secret-key. If you didn’t include a resource name during secret creation then enter the full name in the field like [email protected].