Skip to main content

Use Job Secrets

This tutorial explains how to use job secrets to avoid exposing secret information in your build spec file.

We should never use secret value directly in build spec as otherwise everyone with permission to read code can know the secret. Instead we define it in project settings like below, and reference it in build spec:

  1. Define a secret say access-token in project settings:

    Secret Build Setting

  2. Now reference the secret from build spec via variable. For instance:

    Use Job Secret

  3. Some build spec settings may require a job secret directly, for instance the push image step requires a job secret to be used as access token to push image to built-in docker image registry:

    Publish Image Access Token