Per Organization

Updated 2 years ago by Admin

Organization secrets are used to store and manage sensitive information, such as passwords, tokens, and SSH keys. Storing this information in a secret is considered safer than storing it in your configuration file. Organization secrets can be used by any repository that belongs to the named organization.

Please note this feature is disabled on Drone Cloud. This feature is only available when self-hosting.
The system administrator role is required to create, update or delete organization secrets.

Create organization secrets using the command line tools:

$ drone orgsecret add [organization] [name] [data]

$ drone orgsecret add octocat docker_password pa55word

Source environment variables from named organization secrets:

kind: pipeline
name: default

steps:
- name: build
  image: alpine
  environment:
    USERNAME:
      from_secret: docker_username
    PASSWORD:
      from_secret: docker_password

Source plugin settings from named organization secrets:

kind: pipeline
name: default

steps:
- name: build
  image: plugins/docker
  settings:
    repo: octocat/hello-world
    username:
      from_secret: docker_username
    password:
      from_secret: docker_password
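
A check for the opposite case, a credential written literally into the pipeline file instead of referenced with from_secret. This is an added example, not part of the Drone documentation or tooling; the function name, the key-name pattern and the line-based scan (which only covers the block-style YAML layout shown above) are assumptions.

```python
import re

# Assumption: key names that usually hold credentials.
SENSITIVE = re.compile(r"pass|token|secret|key", re.IGNORECASE)

def find_literal_credentials(pipeline_text):
    """List (line_number, key) for sensitive keys under environment:/settings:
    that hold an inline value instead of a from_secret reference."""
    findings = []
    section_indent = None   # indent of the enclosing environment:/settings: key
    child_indent = None     # indent of that section's direct children
    for number, raw in enumerate(pipeline_text.splitlines(), 1):
        line = raw.rstrip()
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, sep, value = line.strip().partition(":")
        value = value.strip()
        if section_indent is not None and indent <= section_indent:
            section_indent = None          # left the section
        if sep and key in ("environment", "settings") and not value:
            section_indent, child_indent = indent, None
            continue
        if section_indent is None or not sep:
            continue
        if child_indent is None:
            child_indent = indent
        if indent != child_indent or not value or "from_secret" in value:
            continue   # nested line, mapping follows, or {from_secret: name}
        if SENSITIVE.search(key):
            findings.append((number, key))
    return findings

# Constructed sample: one secret reference and one literal password.
SAMPLE = """\
kind: pipeline
name: default

steps:
- name: build
  image: plugins/docker
  settings:
    repo: octocat/hello-world
    username:
      from_secret: docker_username
    password: pa55word
"""

if __name__ == "__main__":
    print(find_literal_credentials(SAMPLE))
```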

Pull Requests

Secrets are not exposed to pull requests by default. This prevents a bad actor from sending a pull request and attempting to expose your secrets. You can override this default behavior, at your own risk, using the --allow-pull-request flag.

