Using secrets
Use Kubernetes secrets in Codefresh
Once you have connected Codefresh to your secrets storage, you can use them in any pipeline or GUI screen.
Note: This feature is for Enterprise accounts only.
Using secrets in pipelines
The syntax for using the secret is ${{secrets.NAME_IN_CODEFRESH.KEY}}
.
Note that if you did not include the resource-name as a part of your secret store context creation, the syntax for using your secret differs slightly: The syntax is: ${{secrets.NAME_IN_CODEFRESH.RESOURCE-NAME@KEY}} The previous KEY portion is now made of two parts separated using @, where the left side is the name of the resource in the namespace, and the right side the key in that resource.
To use the secret in your pipeline, you have two options:
Define it as a pipeline variable:
codefresh.yaml
version: '1.0'
steps:
step:
type: freestyle
arguments:
image: alpine
commands:
- echo $SECRET
Or use it directly in your yaml
codefresh.yaml
version: '1.0'
steps:
step:
type: freestyle
arguments:
image: alpine
environment:
- SECRET=${{secrets.test.key1}}
commands:
- echo $SECRET
Using secrets in the Codefresh GUI
You can also use secrets in the GUI screens that support them. Currently you can use secrets in:
- Values in shared configuration
- Integration with cloud storage
Where secret integration is supported, click on the lock icon and enable the toggle button. You will get a list of your connected secrets:
If you have already specified the resource field during secret definition the just enter on the text field the name of the secret directly, i.e. my-secret-key
.
If you didn’t include a resource name during secret creation then enter the full name in the field like my-secret-resource@my-secret-key
.