How to insert files as environment variables with Base64

If you need to insert sensitive text-based documents or even small binary files into your project in secret it is possible to insert them as an environment variable by leveraging base64 encoding.

Base64 is an encoding scheme to translate binary data into text strings. These values can be added to a context or inserted as an environment variable and decoded at runtime.

Environment variables can be configured in the UI under "Project Settings":


While contexts can be configured under "Organization Settings":



You can encode a file via your command line terminal by feeding it directly to base64.

base64 [option] [file]

Here is the MAN documentation for base64.

Note If you are encoding a file (whether it be a large file or a "binary") for use as a CircleCI environment variable, you should pass the -w 0 option to the command so newlines aren't present in the resulting base64, which will be converted to spaces when added to CircleCI.

To then decode the base64 file from within your container you can run the decode option.

base64 --decode [file]

If your file is stored as an environment variable, you can pipe it directly to the base64 command to be decoded, storing the result in a file

echo "$ENV_VARIABLE_NAME" | base64 --decode > filename.txt


For more information, you can read about base64 encoding and decoding variables within a config in our docs.

Was this article helpful?
3 out of 8 found this helpful



Please sign in to leave a comment.