This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/docs/core-concepts/1204-secrets.md
Helder Correia 6204970d53
Move snippets outside of markdown
Signed-off-by: Helder Correia <174525+helderco@users.noreply.github.com>
2022-03-10 12:35:11 -01:00

1.1 KiB
Raw Blame History

slug displayed_sidebar
/1204/secrets europa

How to use secrets

Most operations in client support handling secrets (see Interacting with the client). More specifically, you can:

  • Write a secret to a file;
  • Read a secret from a file;
  • Read a secret from an environment variable;
  • Read a secret from the output of a command;
  • Use a secret as the input of a command.

Environmnet

The simplest use case is reading from an environment variable:

dagger.#Plan & {
    client: env: GITHUB_TOKEN: dagger.#Secret
}

File

You may need to trim the whitespace, especially when reading from a file:

SOPS

Theres many ways to store encrypted secrets in your git repository. If you use SOPS, here's a simple example where you can access keys from an encrypted yaml file:

myToken: ENC[AES256_GCM,data:AlUz7g==,iv:lq3mHi4GDLfAssqhPcuUIHMm5eVzJ/EpM+q7RHGCROU=,tag:dzbT5dEGhMnHbiRTu4bHdg==,type:str]
sops:
    ...