This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/docs/core-concepts/1204-secrets.md

46 lines
1.1 KiB
Markdown
Raw Normal View History

Add the must-have pages for the Europa release The goal is to capture the shape of the new docs. It is not meant to be final, but it should be as close as possible. We only want the bare minimum for new users that on-board with Dagger Europa. As soon as the new europaSidebar replaces replaces the existing one, the previous docs will still remain available - doc IDs are unique and permanent. We will do this by simply changing the default `slug: /` to point to the Europa Docs entrypoint, which is doc 1200. Helpful Docusaurus link re multiple sidebars: https://docusaurus.io/docs/sidebar/multiple-sidebars The new pages are numbered from `1200` onwards. This is meant to reflect the `0.2.0` Dagger version. This numbering felt more meaningful than just continuing to increment existing numbers. I didn't want to be "wasteful" with the digits and start at `2000`, but that was my first instinct. I am keen on getting this live on https://docs.dagger.io/1200/local-ci. Anything that is not in production, is inventory. Inventory is bad. The goal is to allow anyone that has a link to get a feel for the new docs as soon as possible, so that we can all see how they improve in real-time, and steer them continuously towards the desired state. We should be aware of the timeline, and not muck about, but instead evaluate constantly how close are we to "flipping the switch". Remember, the best releases are those where switches are flipped (e.g. `--europa)`. The feature will have been out there for weeks (maybe even months), improved by talking to users and then one day realising that we are done, and just enabling it by default. It's the same principle behind these docs. Signed-off-by: Gerhard Lazu <gerhard@lazu.co.uk>
2022-02-07 23:16:01 +01:00
---
slug: /1204/secrets
displayed_sidebar: '0.2'
Add the must-have pages for the Europa release The goal is to capture the shape of the new docs. It is not meant to be final, but it should be as close as possible. We only want the bare minimum for new users that on-board with Dagger Europa. As soon as the new europaSidebar replaces replaces the existing one, the previous docs will still remain available - doc IDs are unique and permanent. We will do this by simply changing the default `slug: /` to point to the Europa Docs entrypoint, which is doc 1200. Helpful Docusaurus link re multiple sidebars: https://docusaurus.io/docs/sidebar/multiple-sidebars The new pages are numbered from `1200` onwards. This is meant to reflect the `0.2.0` Dagger version. This numbering felt more meaningful than just continuing to increment existing numbers. I didn't want to be "wasteful" with the digits and start at `2000`, but that was my first instinct. I am keen on getting this live on https://docs.dagger.io/1200/local-ci. Anything that is not in production, is inventory. Inventory is bad. The goal is to allow anyone that has a link to get a feel for the new docs as soon as possible, so that we can all see how they improve in real-time, and steer them continuously towards the desired state. We should be aware of the timeline, and not muck about, but instead evaluate constantly how close are we to "flipping the switch". Remember, the best releases are those where switches are flipped (e.g. `--europa)`. The feature will have been out there for weeks (maybe even months), improved by talking to users and then one day realising that we are done, and just enabling it by default. It's the same principle behind these docs. Signed-off-by: Gerhard Lazu <gerhard@lazu.co.uk>
2022-02-07 23:16:01 +01:00
---
# How to use secrets
Most operations in `client` support handling secrets (see [Interacting with the client](./1203-client.md)). More specifically, you can:
- Write a secret to a file;
- Read a secret from a file;
- Read a secret from an environment variable;
- Read a secret from the output of a command;
- Use a secret as the input of a command.
## Environment
The simplest use case is reading from an environment variable:
```cue
dagger.#Plan & {
client: env: GITHUB_TOKEN: dagger.#Secret
}
```
## File
You may need to trim the whitespace, especially when reading from a file:
```cue file=../tests/core-concepts/secrets/plans/file.cue
```
## SOPS
Theres many ways to store encrypted secrets in your git repository. If you use [SOPS](https://github.com/mozilla/sops), here's a simple example where you can access keys from an encrypted yaml file:
```yaml title="secrets.yaml"
myToken: ENC[AES256_GCM,data:AlUz7g==,iv:lq3mHi4GDLfAssqhPcuUIHMm5eVzJ/EpM+q7RHGCROU=,tag:dzbT5dEGhMnHbiRTu4bHdg==,type:str]
sops: ...
```
```cue file=../tests/core-concepts/secrets/plans/sops.cue title="main.cue"
```