Skip to main content

Use Job Secrets

This tutorial explains how to use job secrets to avoid exposing secret information in your build spec file.

We should never use secret value directly in build spec as otherwise everyone with permission to read code can know the secret. Instead we define it in build setting, and reference it via variables

  1. Define a secret say db-password in build setting:

    Secret Build Setting

    We specify authorized branches as master, meaning that only build spec from master branch can access this secret.

  2. Now reference the secret from build spec via variable. For instance:

    Use Job Secret