Configuration in Drone

Secrets are declared in the top-level secrets section of the drone.yml file. The external secret name points to the secret name and data key.

Example Vault secret:

$ vault kv put secret/docker \
    username=octocat \
    password=correct-horse-battery-staple

Example Drone configuration requests the Vault secret:

kind: pipeline
name: default

steps:
- name:
  image: plugins/docker
  settings:
    repo: octocat/server
    tags: latest
    username:
      from_secret: username
    password:
      from_secret: password

---
kind: secret

external_data:
  username:
    path: secret/data/docker
    name: username
  password:
    path: secret/data/docker
    name: password

Settings and environment variables can then be sourced from secrets:

kind: pipeline
name: default

steps:
- name:
  image: plugins/docker
  settings:
    repo: octocat/server
    tags: latest
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password

---
kind: secret

external_data:
  username:
    path: secret/data/docker
    name: username
  password:
    path: secret/data/docker
    name: password

Configuration in Drone

On This Page:

Getting Help