This repository has been archived on 2024-04-08. You can view files and clone it, but cannot push or open issues or pull requests.
dagger/docs/core-concepts/1204-secrets.md
Jeremy Adams cde9d54589 Fix typo
Signed-off-by: Jeremy Adams <jeremy.adams.pdx@gmail.com>
2022-03-15 16:52:28 -07:00

45 lines
1.1 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
slug: /1204/secrets
displayed_sidebar: europa
---
# How to use secrets
Most operations in `client` support handling secrets (see [Interacting with the client](./1203-client.md)). More specifically, you can:
- Write a secret to a file;
- Read a secret from a file;
- Read a secret from an environment variable;
- Read a secret from the output of a command;
- Use a secret as the input of a command.
## Environment
The simplest use case is reading from an environment variable:
```cue
dagger.#Plan & {
client: env: GITHUB_TOKEN: dagger.#Secret
}
```
## File
You may need to trim the whitespace, especially when reading from a file:
```cue file=../tests/core-concepts/secrets/plans/file.cue
```
## SOPS
Theres many ways to store encrypted secrets in your git repository. If you use [SOPS](https://github.com/mozilla/sops), here's a simple example where you can access keys from an encrypted yaml file:
```yaml title="secrets.yaml"
myToken: ENC[AES256_GCM,data:AlUz7g==,iv:lq3mHi4GDLfAssqhPcuUIHMm5eVzJ/EpM+q7RHGCROU=,tag:dzbT5dEGhMnHbiRTu4bHdg==,type:str]
sops:
...
```
```cue file=../tests/core-concepts/secrets/plans/sops.cue title="main.cue"
```