Working with environment variables
Our recommended approach for abstracting sensitive information like passwords, keys, etc is to use the
key-value integration. These are encrypted at rest and in flight and stored in our Vault.
However, there are times when you just want to encrypt something so you can use it in your YAML, for example in the
env section of your
shippable.yml or while configuring a
- From the left navbar, select your Subscription.
On the Subscription page, click on the Gears icon and click on Settings. You'll be taken to the Settings page.
Go to the Encrypt section. Enter your variables in the text box and click on
Encrypt. This will give you the encrypted string that you can use in your yml.
You can then include the encrypted string in your yml using the
secure tag and the variables will be available during your build.
As an example, you can use the encrypted variable in
shippable.yml for your CI workflow as shown below:
env: - secure: <encrypted output> build: ci: - echo $FOO
You can also use secure variables in a
params resource in
resources: - name: my-params type: params version: params: KEY1: "value1" secure: <encrypted value>
Decrypting an encrypted string
Owners of a subscription can decrypt an encrypted string through the Decrypt section of Subscription settings.