[solved] Per organization secrets and environment issue

vkiller · May 8, 2021, 2:12am

According docs https://docs.drone.io/secret/organization/

Per organization secrets and environment can only use with steps,example

kind: pipeline
name: default

steps:
- name: build
  image: alpine
  environment:
    USERNAME:
      from_secret: docker_username
    PASSWORD:
      from_secret: docker_password

but not for full yaml

kind: pipeline
name: default

environment:
  USERNAME:
    from_secret: docker_username
  PASSWORD:
    from_secret: docker_password

steps:
- name: build
  image: alpine

That will return error message

Integration: yaml: unmarshal errors: line 8: cannot unmarshal !!map into string

and another question,can’t use environment var with char together

  - name: publish
    image: plugins/docker
    environment:
      REGISTRY:
        from_secret: docker_registry
    settings:
      repo: $${REGISTRY}aimcheap/test

will return error

Error parsing reference: "${REGISTRY}aimcheap/test:latest" is not a valid repository/tag

bradrydzewski · May 8, 2021, 3:27am

Correct, the error messages you are experiencing are expected because the syntax is invalid. You cannot use secrets in pipeline-level environment variables, and you cannot use secrets as substitution parameters in the yaml.

You can, however, source setting parameters from secrets, like this:

  - name: publish
    image: plugins/docker
    settings:
      repo:
        from_secret: repo

Topic		Replies	Views
Problems with Secrets Drone FAQ	1	5919	December 19, 2018
Global env vars not working with secrets Drone Bugs	2	977	February 7, 2023
Is it possible to use from_secret at environment root level Drone Support	1	390	May 25, 2021
Drone runner not making secret extension requests to DRONE_SECRET_PLUGIN_ENDPOINT Drone Support	2	307	October 13, 2021
DRONE_RUNNER_ENV not working with secrets Drone Support	3	791	March 29, 2020

[solved] Per organization secrets and environment issue

Related topics