[SOLVED] Drone 0.5 secrets issue / Insert secrets correctly

Hello everyone,

I’ve got a working combination of drone/gogs, built as per the Installation Guide. So far, so good. Everything works fine until deployment; obviously I’m not able to find the right endpoint to inject the secrets…

My .drone.yml:

```yaml
pipeline:
  build:
    image: grahamc/jekyll:latest
    commands:
      - jekyll build
  deploy:
    image: drillster/drone-rsync
    hosts: [ "MyIP" ]
    user: cisync
    key: "${DEPLOYKEY}"
    source: ./_site/*
    target: /path/to/target/
    delete: false
    recursive: true
```

I built the drone executable locally, as I did not find any way to exec commands within the containers. Thus I need to give -s and -t with the command… I tried the following statement to inject the secret (well, an SSH private key, of course):

```
drone -s http://localhost:8000/api/user -t <accessToken> secret add drillster/drone-rsync DEPLOYKEY @/path/to/deployment.key
```

As far as my thoughts were going, the repo belongs to the user, so the key should be available in the user’s context for deployment. Fact is, the documentation does not mention anything about the right endpoint or the like - or am I missing something? How do I get the secret(s) into the server/agent containers?

Sorry if it should be clear, but after the day I need to untie some knots in my brain… :wink:

> I built the drone executable locally, as I did not find any way to exec commands within the containers

FYI, the CLI is available for download, so you don’t have to build it yourself:
http://readme.drone.io/usage/getting-started-cli/

This page also includes details on how to configure the token and server address. Note that the address should not include the path. TL;DR: remove the path from your server URL.
http://readme.drone.io/usage/getting-started-cli/#authorization


Thanks for the link, this page has escaped me until now… my bad, it had been a long day. And, somehow mixing up all the stuff, I tried adding the secret for the plugin container, rather than the repo. Very long day… :wink:

Alas, it still doesn’t work (as I would expect).

```
drone -s http://localhost:8000 -t token secret add my/repo --skip-verify DEPLOYKEY @/path/to/deployment.key
```

results in:

```
drone -s http://localhost:8000 -t token secret ls my/repo
DEPLOYKEY
Events: push, tag, deployment
SkipVerify: true
Conceal: false
```

deployment.key is a standard private RSA key.
So, I guess it is inserted correctly, but… now the build process does not start at all:

```
ERROR: yaml: line 10: did not find expected key
```

(The .drone.yml above has a blank line removed, so line 10 in fact is the line “user:”.) Before that, the build process went fine until the rsync plugin complained about not having a key.
AFAICS, the content of the file deployment.key should be inserted; is this correct? Or is the path inserted, in which case I have to copy the key to a Docker volume?

Please see this thread which I believe is related and will help you solve this problem:
http://discourse.drone.io/t/issues-with-multiline-secrets-concealing-and-being-passed-to-environment/312


That’s it, great! Thanks a lot! :grinning:

Hereby solved…
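
An added example, not from the thread or the Drone project, showing why a multi-line secret such as a PEM private key does not survive plain-text `${NAME}` substitution into a quoted YAML value. It assumes the placeholder is replaced in the file text before the YAML is parsed; the sample key and the helper `survives?` are constructed for illustration, and the escaped variant illustrates a YAML property, not a Drone option.

```ruby
require 'yaml'
require 'json'

# Constructed stand-in shaped like a PEM key (placeholder base64, not a real key).
SAMPLE_SECRET = <<~PEM
  -----BEGIN RSA PRIVATE KEY-----
  Q09OU1RSVUNURUQgU0FNUExF
  Tk9UIEEgUkVBTCBLRVk=
  -----END RSA PRIVATE KEY-----
PEM

# Trimmed from the .drone.yml in the first post.
TEMPLATE = <<~'YAML'
  pipeline:
    deploy:
      image: drillster/drone-rsync
      user: cisync
      key: "${DEPLOYKEY}"
      target: /path/to/target/
YAML

# Assumption: "${NAME}" is replaced in the file text before YAML parsing.
# Returns true only if the parsed value equals the secret byte for byte.
def survives?(template, name, secret, encode: false)
  # encode: false -> raw text between the quotes (plain substitution)
  # encode: true  -> JSON string literal, which is also a valid YAML
  #                  double-quoted scalar with "\n" escapes
  inserted = encode ? secret.to_json : "\"#{secret}\""
  rendered = template.gsub("\"${#{name}}\"") { inserted }
  YAML.safe_load(rendered).dig('pipeline', 'deploy', 'key') == secret
rescue Psych::SyntaxError => e
  # A parse failure also means the secret did not arrive intact.
  warn "yaml: #{e.message}"
  false
end

if __FILE__ == $PROGRAM_NAME
  raw = survives?(TEMPLATE, 'DEPLOYKEY', SAMPLE_SECRET)
  escaped = survives?(TEMPLATE, 'DEPLOYKEY', SAMPLE_SECRET, encode: true)
  puts "raw substitution keeps the key intact:     #{raw}"
  puts "escaped substitution keeps the key intact: #{escaped}"
end
```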