Secrets

You can store key-value pairs in Pipekit and have them passed to your running workflow as environment variables.

This feature is only available to Pipes that have been created via the Pipekit Web UI.

Environments

To store key-value pairs in Pipekit, you must first create an Environment. Each Environment can be mapped to a specific Run Condition. For example, you could have one collection of secrets for a development Run Condition and another collection for a production Run Condition, each running on a different cluster and triggered by different Git events.

To create an Environment, go to the Pipe that you wish to manage and click the Secrets tab. If no Environment is set up for this Pipe yet, you will be prompted to choose an Environment name and an optional description.

If an environment already exists, click the + Add Environment button.

Once you have created an Environment, you can add secrets to it. Ensure the environment you wish to use is selected in the Environment dropdown, then add a key/value pair.

Click + Add Secret to add another key/value pair.

Continue until you have added all the secrets you wish to use, and then click Save.

Adding Secrets to a Run Condition

In order to pass the secrets to your running workflow, you must tell Pipekit which Environment each Run Condition should use. Go to the Run Conditions tab and select the environment you wish to use for each run condition. For more information, refer to the Run Conditions documentation.

Using Secrets in your Workflow

Key/value pairs are automatically mounted into your workflow as environment variables. For example, if you entered a key of MY_SECRET and a value of my-secret-value, your workflow can read it from the MY_SECRET environment variable.

This example will output my-secret-value in the logs:

apiVersion: argoproj.io/v1alpha1
kind: Workflow
metadata:
  name: test-secret
spec:
  entrypoint: test-secret
  templates:
    - name: test-secret
      container:
        image: ubuntu
        command:
            - /bin/bash
            - -c
            - |
              # Demonstration only: this prints the secret value to the workflow logs.
              if [ "${MY_SECRET}" == "my-secret-value" ]
              then
                  echo "Secrets are working!"
                  echo "${MY_SECRET}"
              else
                  echo "Secrets are not working!"
                  echo "${MY_SECRET}"
                  exit 1
              fi

Secrets are only made available to the Workflow that is triggered by the Run Condition. If you have a Workflow that triggers another Workflow or uses workflowTemplates, the secrets will not be passed to the second Workflow, or the workflowTemplate.
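
The test workflow above writes the secret value to the logs, which suits a first check with a dummy value but not real credentials. The following shell functions are an added example, not part of Pipekit's documentation: they confirm that the expected variables are set and mask their values in a step's output. The function names are hypothetical, and the only assumption is that secrets arrive as exported environment variables, as described above.

```shell
# Added example (not from the Pipekit docs); function names are hypothetical.
# Assumption: secrets are exported environment variables, as described above.

# check_secrets NAME...
# Logs whether each variable is set without ever printing its value.
# Returns non-zero if any name is invalid, unset, or empty.
check_secrets() {
    local missing=0 name value
    for name in "$@"; do
        # Validate the name before it is used in eval.
        case "$name" in
            ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*)
                echo "INVALID name: $name" >&2
                missing=1
                continue ;;
        esac
        eval "value=\${$name-}"
        if [ -z "$value" ]; then
            echo "MISSING $name" >&2
            missing=1
        else
            echo "OK $name is set"
        fi
    done
    return "$missing"
}

# mask_secrets NAME...
# Filter for stdin: replaces each literal occurrence of a named secret's
# value with a marker. Works line by line, so multi-line values are not masked.
mask_secrets() {
    awk -v names="$*" '
    BEGIN { n = split(names, name, " ") }
    {
        line = $0
        for (i = 1; i <= n; i++) {
            v = ENVIRON[name[i]]
            if (v == "") continue
            out = ""
            while ((p = index(line, v)) > 0) {
                out = out substr(line, 1, p - 1) "[" name[i] " redacted]"
                line = substr(line, p + length(v))
            }
            line = out line
        }
        print line
    }'
}
```

In a workflow step, `check_secrets MY_SECRET` can take the place of the `echo` lines, and piping a command's output through `mask_secrets MY_SECRET` keeps the value out of the logs.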
