Configuration in Drone
Secrets are declared in the top-level secrets
section of the drone.yml
file. The external secret name points to the secret name and data key.
Example Vault secret:
$ vault kv put secret/docker \
username=octocat \
password=correct-horse-battery-staple
Example Drone configuration requests the Vault secret:
kind: pipeline
name: default
steps:
- name:
image: plugins/docker
settings:
repo: octocat/server
tags: latest
username:
from_secret: username
password:
from_secret: password
---
kind: secret
external_data:
username:
path: secret/data/docker
name: username
password:
path: secret/data/docker
name: password
Settings and environment variables can then be sourced from secrets:
kind: pipeline
name: default
steps:
- name:
image: plugins/docker
settings:
repo: octocat/server
tags: latest
username:
from_secret: docker_username
password:
from_secret: docker_password
---
kind: secret
external_data:
username:
path: secret/data/docker
name: username
password:
path: secret/data/docker
name: password