Storing secret files (certs, etc.)

There are few secret-storage options that CircleCI can support at this time:

  • You can store them as plaintext using Contexts resources (org-wide) or environment variables (job-specific), and then echo them into files, etc., at job runtime via your config.yml
  • You can encrypt files and store them in your source repository, but store the decryption keys in CircleCI, again either via Contexts or job environment variables, and then decrypt as-needed at job runtime
  • You can use a third-party secret storage solution (for example, Hashicorp's Vault), so long as it has a headless CLI-accessible option that you can use in your CircleCI job (which Vault does)
Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Please sign in to leave a comment.