[solved] Secrets not available to drone exec --local

We are trying to figure out how to get secrets working for us. We don’t seem to have access to a secret (FOO_BAR_AUTH_KEY) that we are trying to use in our build and test config. Are we missing something or do we have a syntax error somewhere in here? Our .drone.yml is signed, so it’s not a signing issue.

$ drone --version
drone version 0.5.0+dev
$ drone secret ls repo/proj
FOO_BAR_AUTH_KEY
Events: push, tag, deployment
SkipVerify: false
Conceal: true
$ cat .drone.yml
pipeline:
  build:
    image: python:3.5-alpine
    environment:
      AUTH_TOKEN: ${FOO_BAR_AUTH_KEY}
    commands:
      - echo "${FOO_BAR_AUTH_KEY}"
      - echo "${AUTH_TOKEN}"
$ drone exec --local
[build:L0:0s] + echo ""
[build:L1:0s]
[build:L2:0s] + echo ""
[build:L3:0s]
[build] exit code 0

This is because you are using drone exec --local which does not have access to your secrets. Only builds running on the server can access secrets. In this case you need to provide the command line utility with secrets using the --secret command line flag. See the following guide for more details http://readme.drone.io/cli/drone-exec/

The current form of drone exec doesn’t appear to accept the “–secret” or “–secrets-file” arguments anymore[1]. Is there a mechanism that can currently be used to pass secrets to a locally executed drone build?

[1] http://docs.drone.io/cli-exec/

you pass secrets to the CLI as environment variables. For example:

DOCKER_PASSWORD=xxxx drone exec

Thanks! This makes developing drone.yml configurations much faster!