If you need to insert sensitive text-based documents or even small binary files into your project in secret it is possible to insert them as an environment variable by leveraging base64 encoding.
Environment variables can be configured in the UI under "Project Settings":
While contexts can be configured under "Organization Settings":
You can encode a file via your command line terminal by feeding it directly to base64.
base64 [option] [file]
Note If you are encoding a file (whether it be a large file or a "binary") for use as a CircleCI environment variable, you should pass the
-w 0 option to the command so newlines aren't present in the resulting base64, which will be converted to spaces when added to CircleCI.
To then decode the base64 file from within your container you can run the decode option.
base64 --decode [file]
If your file is stored as an environment variable, you can pipe it directly to the base64 command to be decoded, storing the result in a file
echo "$ENV_VARIABLE_NAME" | base64 --decode > filename.txt
For more information, you can read about base64 encoding and decoding variables within a config in our docs.