Inserting files with Base64
If you need to insert sensitive text-based documents or even small binary files into your project in secret, it is possible to insert them as an environment variable by leveraging base64 encoding.
Encoding your file
You can encode a file via your command line terminal by feeding it directly to base64.
base64 [option] [file]
Note: If you are encoding a file (whether it be a large file or a "binary") for use as a CircleCI environment variable, you should pass the
-w 0 option to the command so newlines aren't present in the resulting base64, which will be converted to spaces when added to CircleCI.
Adding your file as an environment variable
You can add the newly encoded file as an environment variable to your project or as a context, depending on your preference.
Environment variables can be configured in the UI under "Project Settings":
Contexts can be configured under "Organization Settings":
Decoding your file within your container
To decode the base64 file from within your container you can use the
base64 --decode [file]
If your file is stored as an environment variable, you can pipe it directly to the base64 command to be decoded, storing the result in a file:
echo "$ENV_VARIABLE_NAME" | base64 --decode > filename.txt
If your file is stored as a context, you will also need to add the context to your workflows for the job in which you want to decode your file.