If you need to insert sensitive text-based documents or even small binary files into your project in secret it is possible to insert them as an environment variable by leveraging base64 encoding.
Base64 is an encoding scheme to translate binary data into text strings. These values can be inserted as an environment variable and decoded at runtime.
You can encode a file via your command line terminal by feeding it directly to base64.
base64 [option] [file]
Note If you are encoding a file (whether it be a large file or a "binary") for use as a CircleCI environment variable, you should pass the
-w 0 option to the command so newlines aren't present in the resulting base64, which will be converted to spaces when added to CircleCI.
To then decode the base64 file from within your container you can run the decode option.
base64 --decode [file]
If your file is stored as an environment variable, you can pipe it directly to the base64 command to be decoded, storing the result in a file
echo "$ENV_VARIABLE_NAME" | base64 --decode > filename.txt
This article is derived from this documents page: https://circleci.com/docs/1.0/google-auth/