Storing Secret Files (certs, etc.)

Options for Storing Secrets

There are few secret-storage options that CircleCI can support at this time:

  • You can store them as plaintext using Contexts resources (org-wide) or environment variables (job-specific), and then echo them into files, etc., at job runtime via your config.yml
  • You can encrypt files and store them in your source repository, but store the decryption keys in CircleCI, again either via Contexts or job environment variables, and then decrypt as-needed at job runtime
  • You can use a third-party secret storage solution (for example, Hashicorp's Vault), so long as it has a headless CLI-accessible option that you can use in your CircleCI job (which Vault does)

For further questions or suggestions for your particular use-case, please contact CircleCI Support.

Was this article helpful?
55 out of 84 found this helpful



Article is closed for comments.