Documentation

Overview

Reference

GitHub

GitHub Enterprise

Gitea

GitLab

Gogs

Bitbucket Cloud

Bitbucket Server

Certificates

Headers

Logging

Metrics

Database

Encryption

Blobs

Registration

Management

Administrators

Machine

Starlark

GitHub Teams

Overview

About Installation

Install On Linux

Install On Windows

About Configuration

Logging

Dashboard

Reference

Overview

About Installation

About Configuration

Logging

Policies

Dashboard

Reference

Overview

Installation

Install On Linux

Install On MacOS

Install On Windows

About Configuration

Logging

Dashboard

Reference

Overview

Installation

About Configuration

Logging

Dashboard

Reference

Overview

Installation

About Configuration

Logging

Dashboard

Reference

Overview

Installation

About Configuration

Logging

Dashboard

Reference

Overview

Installation

Configuration

Logging

Reference

AWS Secrets

Vault Secrets

Kubernetes Secrets

About Quick Start

Docker Pipelines

Kubernetes Pipelines

Command Line Runner

Overview

Configuration

Overview

About Configure

Triggers

Platform

Workspace

Cloning

Steps

Plugins

Services

Images

Parallelism

Conditions

Routing

Volumes

Host Volumes

Temporary Volumes

Examples

Example C Pipeline

Example C++ Pipeline

Example Clojure Pipeline

Example CouchDB Configuration

Example Crystal Pipeline

Example D Pipeline

Example Dart Pipeline

Example Docker Configuration

Example Docker-in-Docker Configuration

Example Elasicsearch Configuration

Example Elixir Pipeline

Example Erlang Pipeline

Example Go Pipeline (with Gopath)

Example Go Pipeline (with Modules)

Example Gradle Pipeline

Example Groovy Pipeline

Example Haskell Pipeline

Example Haxe Pipeline

Example Java Pipeline

Example MariaDB Configuration

Example Maven Pipeline

Example Memcached Configuration

Example MongoDB Configuration

Example MySQL Configuration

Example Nats Configuration

Node Example

Example Perl Pipeline

Example PHP Pipeline

Example Postgres Configuration

Python

Example R Pipeline

Example Redis Configuration

Example RethinkDB Configuration

Example Ruby Pipeline

Example Rust Pipeline

Example Swift Pipeline

Example Vault Configuration

Overview

About Configure

Metadata

Triggers

Platform

Workspace

Cloning

Steps

Plugins

Services

Images

Parallelism

Conditions

Tolerations

Nodes

Volumes

Host Volumes

Temporary Volumes

Examples

Example C Pipeline

Example C++ Pipeline

Example Clojure Pipeline

Example CouchDB Configuration

Example Crystal Pipeline

Example D Pipeline

Example Dart Pipeline

Example Docker Configuration

Example Docker-in-Docker Configuration

Example Elasicsearch Configuration

Example Elixir Pipeline

Example Erlang Pipeline

Example Go Pipeline

Example Gradle Pipeline

Example Groovy Pipeline

Example Haskell Pipeline

Example Haxe Pipeline

Example Java Pipeline

Example MariaDB Configuration

Example Maven Pipeline

Example Memcached Configuration

Example MongoDB Configuration

Example MySQL Configuration

Example Nats Configuration

Node Example

Example Perl Pipeline

Example PHP Pipeline

Example Postgres Configuration

Python

Example R Pipeline

Example Redis Configuration

Example RethinkDB Configuration

Example Ruby Pipeline

Example Rust Pipeline

Example Swift Pipeline

Example Vault Configuration

Overview

About Configure

Cloning

Platform

Triggers

Workspace

Steps

Parallelism

Conditions

Routing

Overview

About Configure

Server

Triggers

Platform

Workspace

Cloning

Steps

Parallelism

Conditions

Overview

About Configure

Settings

Triggers

Platform

Workspace

Cloning

Steps

Parallelism

Conditions

Overview

About Configure

Triggers

Cloning

Steps

Parallelism

Conditions

About Badges

About Conditions

About Triggers

About Skipping

Syntax

Substitution

Reference

Jsonnet

Starlark

Overview

Per Repository

Per Organization

Encrypted

About External

Vault

Kubernetes

AWS Secrets

About Signatures

About Promotions

About Cron

Overview

Explore

Example Go Plugin

Example Bash Plugin

Docker

Overview

Example Payloads

Starter Project

Overview

Admission Extension

Configuration Extension

Conversion Extension

Environment Extension

Registry Extension

Secret Extension

Validation Extension

Drone Autoscaler

About Installation

Install for Amazon EC2

Install for Azure

Install for Digital Ocean

Install for Google Cloud

Install for Hetzner Cloud

Install for Open Stack

Install for Packet

About Configuration

Configure SSL

Configure SSL with Lets Encrypt

Configure Logging

Configure Prometheus

Configure Slack Alerts

Using a Custom Cloud-Init

Configuration Reference

About CLI Reference

CLI Installation

CLI Configuration

CLI Commands

drone autoscale pause

drone autoscale resume

drone autoscale version

drone server create

drone server destroy

drone server env

drone server info

drone server ls

About API Reference

API Overview

Server Endpoints

System Endpoints

About Troubleshooting

About Support

About FAQ

Installation

Configuration

Licensing

About YAML Specification

Digital Ocean Pipeline

Docker Pipeline

Exec Pipeline

Kubernetes Pipeline

SSH Pipeline

Overview

Build Approve

Build Create

Build Decline

Build Info

Build List

Build Logs

Build Promote

Build Restart

Build Stop

Cron Create

Cron Delete

Cron Info

Cron List

Cron Trigger

Cron Update

Repo Chown

Repo Disable

Repo Enable

Repo Info

Repo List

Repo Repair

Repo Update

Secret Create

Secret Delete

Secret Info

Secret List

Secret Update

Current User Feed

Current User Info

Current User Repos

Current User Sync

User Create

User Delete

User Info

User List

User Update

Installation

Configuration

drone encrypt

drone exec

drone sign

drone jsonnet

drone user add

drone user info

drone user ls

drone user rm

drone repo add

drone repo chown

drone repo info

drone repo ls

drone repo repair

drone repo rm

drone repo update

drone build approve

drone build decline

drone build info

drone build last

drone build ls

drone build promote

drone build restart

drone build stop

drone secret add

drone secret info

drone secret ls

drone secret rm

drone secret update

drone orgsecret add

drone orgsecret info

drone orgsecret ls

drone orgsecret rm

drone orgsecret update

drone cron add

drone cron disable

drone cron enable

drone cron info

drone cron ls

All Categories > Usage > Secrets > About Secrets > Encrypted

Encrypted

Updated 2 years ago by Admin

Encrypted secrets are used to store sensitive information, such as passwords, tokens, and ssh keys directly in your configuration file as an encrypted string. Each secret is represented as a yaml document in your configuration file.

You can use the command line tools to encrypt secrets. Each secret is encrypted with a per-repository encryption key using aesgcm. This key never leaves the server environment.

Example command to encrypt the secret:

$ drone encrypt <repository> <secret>

$ drone encrypt octocat/hello-world top-secret-password
hl3v+FODjduX0UpXBHgYzPzVTppQblg51CVgCbgDk4U=

Example configuration with encrypted secrets:

1  kind: pipeline
2  name: default
3  
4  steps:
5  - name: build
6    image: alpine
7    environment:
8      USERNAME:
9        from_secret: username
10  
11 ---
12 kind: secret
13 name: username
14 data: hl3v+FODjduX0UpXBHgYzPzVTppQblg51CVgCbgDk4U=
15 
16 ...

Pull Requests

Secrets are not exposed to pull requests that originate from forks. This prevents a bad actor from sending a pull request and attempting to expose your secrets.

How did we do?

(opens in a new tab)

Encrypted

Pull Requests

How did we do?

Related Articles Encryption drone encrypt Configure SSL with Lets Encrypt

Contact

Related Articles

Encryption

drone encrypt

Configure SSL with Lets Encrypt