Secrets with drone exec

Picking up drone for the first time in a while, using 1.0. Is it still just setting your secrets as env vars? Seems to not be working.

Env var:

➜  hello-httpd env | grep CHEF_KEY


kind: pipeline
name: build
  - name: build
    image: ubuntu
        from_secret: CHEF_KEY
      - echo "$CHEF_KEY"


[build:0] + echo "$CHEF_KEY"

If you are using the 1.0 CLI you need to pass secrets to the CLI from file.

example command:

drone exec --secret-file=secets.txt

example file:


10-4 thanks Brad!

(any why are you working on the long weekend??)

one could ask you the same question :slight_smile:

hope all is well

On a new team, trying to evict an entrenched Jenkins…

As a bit of a feature request, could you strip off leading export when parsing that file? I’ve got a habbit of doing stuff like source ~/bad_idea/ when working locally and I could re-use those files if you stripped the leading export. #twocents anyway

I believe this is supported. We use joho/godotenv to parse the file which claims to support a variety of bash-like formats, for example:

# I am a comment and that is OK
FOO=BAR # comments at line end are OK too
export BAR=BAZ