This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/docs/core-concepts/1204-secrets.md
user.email d20ffbe8be website: hardcode version banner for 0.1 docs
O.1 docs is deprecated. Let's inform user to switch the the latest version

Signed-off-by: user.email <jf@dagger.io>
2022-04-13 15:58:51 +02:00

46 lines
1.1 KiB
Markdown
Raw Permalink Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
slug: /1204/secrets
displayed_sidebar: '0.2'
---
# How to use secrets
Most operations in `client` support handling secrets (see [Interacting with the client](./1203-client.md)). More specifically, you can:
- Write a secret to a file;
- Read a secret from a file;
- Read a secret from an environment variable;
- Read a secret from the output of a command;
- Use a secret as the input of a command.
## Environment
The simplest use case is reading from an environment variable:
```cue
dagger.#Plan & {
client: env: GITHUB_TOKEN: dagger.#Secret
}
```
## File
You may need to trim the whitespace, especially when reading from a file:
```cue file=../tests/core-concepts/secrets/plans/file.cue
```
## SOPS
Theres many ways to store encrypted secrets in your git repository. If you use [SOPS](https://github.com/mozilla/sops), here's a simple example where you can access keys from an encrypted yaml file:
```yaml title="secrets.yaml"
myToken: ENC[AES256_GCM,data:AlUz7g==,iv:lq3mHi4GDLfAssqhPcuUIHMm5eVzJ/EpM+q7RHGCROU=,tag:dzbT5dEGhMnHbiRTu4bHdg==,type:str]
sops: ...
```
```cue file=../tests/core-concepts/secrets/plans/sops.cue title="main.cue"
```