Secrets are not exposed

r-moiseev · April 23, 2018, 5:16pm

I am trying to expose private key to containers environment.

Ive created secret

drone secret add --repository "**/***" --name PRIVATE_KEY --value @/home/rmoiseev/.ssh/ci_rsa

And now i am able to see this secret in UI

Then in my pipeline i am doing this

  test:
    image: dlpbedrock/node-kafka
    commands:
      - echo "now we test"
  build:
    image: dlpbedrock/node-kafka
    environment:
      - PRIVATE_KEY="${PRIVATE_KEY}"
    commands:
      - mkdir /root/.ssh && echo "$PRIVATE_KEY" > /root/.ssh/id_rsa && chmod 0600 /root/.ssh/id_rsa
      - cat /root/.ssh/id_rsa
      - ssh-keyscan -H github.com >> /root/.ssh/known_hosts
      - yarn install

And in pipeline log i see that $PRIVATE_KEY is empty

PS In 0.8 docs there is info that we should sign pipeline yaml, but as i understand this was removed in 0.6

bradrydzewski · April 23, 2018, 5:37pm

Please see http://docs.drone.io/secrets-not-working/

I see two issues:

you are missing a secrest block
PRIVATE_KEY="${PRIVATE_KEY}" is not valid syntax

0.8 docs there is info that we should sign pipeline yaml

This is the link to the 0.8 documentation http://docs.drone.io/manage-secrets/. Can you please let me know where it mentions signing the yaml configuration file? Signing was removed in 0.6 and I cannot find any references in the docs.

r-moiseev · April 23, 2018, 10:10pm

Thank you, think i found old docs.

UPD: Yes it was readme.drone.io witch contains strange docs compiled from different versions

tonglil · April 25, 2018, 1:11am

@bradrydzewski we should archive those docs and state they are for 0.5, with a link to the latest.