Problems with Secrets


#1

If you are experiencing problems with secrets please provide the following information:

  1. version of Drone you are using
  2. a copy of your yaml configuration file.
  3. the output of drone secret ls for your repository.
  4. if secrets are working for some build events and not others, provide the output of drone build info for the failing build.

Environment Variable from Secret is Empty

The most common root cause for this problem is when you use ${VARIALBE} syntax in your yaml file. Remember that Drone emulates bash substitution and attempts to substitute values in ${VARIALBE} format before the yaml configuration file is parsed. To prevent a variable from being substituted, you should escape the variable, as show below:

kind: pipeline
name: default

steps:
  - name: test
    image: alpine
    environment:
      PASSWORD:
        from_secret: password
    commands:
-   - echo ${PASSWORD}
+   - echo $${PASSWORD}

Another common problem we see is use of the settings block for pipeline steps with commands. The settings block should only be used for plugins, and is ignored for steps with commands. For steps with commands, use the environment block to pass secrets to the pipeline step as environment variables.

kind: pipeline
name: default

steps:
  - name: test
    image: alpine
-   settings:
+   environment:
      PASSWORD:
        from_secret: password
    commands:
    - echo $PASSWORD

Secrets are randomly / or on pull request not set
closed #2