Debug secrets with drone exec

Is there anyway I could debug how secrets are managed in local builds? I just keep getting “no basic auth” credentials error when pushing to my private registry:

- name: publish
image: plugins/docker:18
repo: myrepo/${DRONE_REPO_NAME}
registry: myrepo
from_secret: docker_username
from_secret: docker_password
auto_tag: true
insecure: true
debug: true

sh: drone exec --secret-file …/secrets.txt --trusted --include publish --event=tag --ref=refs/tags/1.0.0



one thing that jumps out is the case mismatch. In your yaml file, the secrets are lowercase but in your secrets file, they are uppercase. But otherwise, yes, you can view source to learn more about how it behaves.

1 Like

My gosh! I’m awfully sorry, that was obvious. Thanks a lot.

Just a suggestion: drone might raise an error whenever there is a reference to a secret that is not defined.

secrets are optional by design and it can be valid for a secret to exist for some events (push events) but not exist for other events (pull request) and a step to execute regardless. We do not want to introduce any breaking changes, however, we have considered providing an expanded syntax that is opt-in and could be used to require the secret exists:

  from_secret: foo

    name: bar
    required: true
1 Like