Inject secrets via kontena vault and drone PLUGIN_PARAMS - don't work

Dear Communtiy,

I just try to inject a kontena token (to deploy latest build) via kontena vault and drone PLUGIN_PARAMS, but it seems that drone don’t care about the variable PLUGIN_PARAMS set as an environment variable. Is that right? Or can a pass PLUGIN_PARAMS to drone inside the docker container?

More Informations:

Install drone on
-> i change / add the following:
type: env

DRONE_PLUGIN_PARAMS is set to “KONTENA_TOKEN=ABC…XYZ” in kontena vault.

.drone.yml looks like:
- KONTENA_GRID=testing

but in the drone log I see: “KONTENA_TOKEN=$$KONTENA_TOKEN” . hmmm???

Well PLUGIN_PARAMS is not mentioned here: - so maybe it is impossible?

An other question: is it possible to get into the drone-container to verify the environment variables? I tried it with docker exec -it XYZ bash and sh, but without success.

Ciao … Iver

Drone 0.5 no longer interpolates secrets in the .drone.yml file, that means that this will not work:


The solution is quite simple however; secrets are available to all allowed plugin containers as environment variables. This means that your KONTENA_TOKEN environment variable will already be available if you add it as a secret.
I’ve never heard of PLUGIN_PARAMS. But this will work: instead of adding PLUGIN_PARAMS as secret, add KONTENA_TOKEN instead.

In short, run:

drone secret add --image some/plugin your/project KONTENA_TOKEN ABC...XYZ

Then use this as .drone.yml:

  - KONTENA_GRID=testing

As for your other question, I’m not quite sure what you mean by “verify”.
If you want to see what environment variables are injected into your container, you can dry dumping all the environment vars:

    image: your/plugin
      - env

I hope this helps.


Thanks for the informations, I just try and come back. :slight_smile:


I just add a secret via “drone secret add …” and then “drone sign organisation/project” but I still got a “WARNING: unable to verify the Yaml signature.”

I tried to re-generate .drone.yml.sig, but git don’t recoginze changes. Hmm??

Any hints?

What version of drone are you using? I thought it was 0.5, but you linked to the docs for 0.4.

I use drone server 0.5. But I made a mistake and uses drone-cli 0.4. Now I upgrade to 0.5, error message is gone and everything works well.

THANK YOU for your helpfull informations !!!

Ciao … Iver