Using environment variables in plugin settings

Hi, I’m trying to use secrets inside my plugin settings, and despite many places where this is mentioned, I can’t get it to work:

  - name: webhook
    image: plugins/webhook
    environment:
      TOKEN:
        from_secret: TOKEN
    settings:
      urls: http://...
      headers:
        - Authorization=${TOKEN}

The header I get has an empty value. The only thing I see in the docs that mention this is this page, but the syntax

steps:
- name: build
  image: plugins/docker
  settings:
    repo: octocat/hello-world
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password

can’t work for this use case.

The syntax in your example is not supported. The plugin you are using (and most plugins) are written in Go and the strings are Go string literals. The environment ${variable} syntax in your example would only work with a bash string, and would need to be run through a bash interpreter, which is not the case given the plugin is a Go program.

If you want to source plugin settings from secrets, you would do the following:

    settings:
      urls: http://...
      headers:
        from_secret: TOKEN

Where the value of the token secret is:

Authorization=<TOKEN>

Since the headers section is an array, you can provide an array as a secret (if needed) using comma-separated values like this:

Authorization=<TOKEN>,Content-Type=text/plain
2 Likes

Aw, that’s unfortunate, but that syntax will do as well then. Thanks for the quick answer !