[SOLVED] Image Specific Secrets

I am running Drone 0.8-rc3 and I was hoping to set a specific secret to be a different value for two different images.

My specific case is that I have two build steps in the pipeline - one to push a Docker image to dev Kubernetes and another to push a Docker image to staging Kubernetes. I need the values for KUBERNETES_SECRET and KUBERNETES_TOKEN to be different based on whether i am running the jdemaris/deploy-dev image or the jdemaris/deploy-stage image.

I used to be able to do this by setting them specific to the image:

drone secret add --image=jdemaris/deploy-dev --repository=jdemaris/api --name=KUBERNETES_TOKEN --value=

and then

drone secret add --image=jdemaris/deploy-stage --repository=jdemaris/api --name=KUBERNETES_TOKEN --value=

Now when I do it, I get the error:

client error 500: Error inserting secret “KUBERNETES_TOKEN”. meddler.Insert: DB error in Exec: UNIQUE constraint failed: secrets.secret_name, secrets.secret_repo_id

Is this a bug? Are there any ideas for an alternative? Like a way to rename the environment variable that is created by the secret?

Is this a bug? Are there any ideas for an alternative? Like a way to rename the environment variable that is created by the secret?

This is the expected behavior since the secret name is a unique index in the database, and can only be added once per-repository.

The good news is that drone can still support your use case. You should add the secrets with different names, for example kubernetes_token_stage and kubernetes_token_dev. Then when you map the secret to the step, you can alias to the correct name.

For example:

pipeline:
  deploy_staging:
    image: some-kuberntes-plugin
+   secrets:
+     - source: kubernetes_token_stage
+       target: kubernetes_token

  deploy_testing:
    image: some-kuberntes-plugin
+   secrets:
+     - source: kubernetes_token_test
+       target: kubernetes_token

I should also mention that you do not need to use the --image filter for this.

Thank you! That worked very well