Secrets and Parameters

Secrets and parameters are project-wide variables that you can use in your Automation scripts:

Parameters – variables that are frequently used throughout your Automation scripts. For example, a URL of an external service.
Secrets – variables stored in the AES-encrypted format. For example, credentials to an external service.
Once you delete a secret from a project, it is instantly deleted from the storage (if there are running jobs that use the secret, it will be deleted once the jobs finish running).
To use secrets and parameters in jobs, you must first create them in the project settings.

Note that Automation hides values of secrets and parameters in job logs for security reasons.

Creating secrets and parameters

Open the desired project.
On the project sidebar menu, choose Settings, then Secrets and Parameters.
Click Create and choose Secret or Parameter.
Specify
- Key: a variable name. You will use this name to reference this variable in your scripts.
- Value: a variable value.
Note the limitations:
- Secrets and parameters exist only in a scope of a particular project. So, if you create a secret or a parameter in one project, you cannot use them in other projects.
- Keys of secrets and parameters must be unique within a project. A secret and a parameter with the same key are also not allowed.
- A key must be no longer than 128 characters and can only contain alphanumeric characters ([a-z], [A-Z], [0-9]), dashes (-), or underscores (_).
- Keys are case-insensitive.
- Max secret's or parameter's value size is 30KB. Note that the max total size of all container arguments, environment variables, secrets, and parameters is also limited by 30KB. For example, if you provide a secret of 30KB and an argument of 1KB to a step, the step will fail.

Using secrets and parameters

Use the Secrets and Params functions to assign the value of a secret or a parameter to an environment variable.
Use the environment variable inside shellScript or kotlinScript.

For example:

            job("Secrets and params") {
                // get param and secret in a shell script
                container(displayName = "Show pwd", image = "ubuntu") {
                    env["URL"] = Params("bintray-repo-url")
                    env["PSWRD"] = Secrets("bintray-repo-password")

                    shellScript {
                        content = """
                            echo My password for ${'$'}URL
                            echo is  ${'$'}PSWRD
                        """
                    }
                }

                // get param and secret in Kotlin code
                container(displayName = "Show pwd", image = "ubuntu") {
                    env["URL"] = Params("bintray-repo-url")
                    env["PSWRD"] = Secrets("bintray-repo-password")

                    kotlinScript {
                        val url = System.getenv("URL")
                        val pswrd = System.getenv("PSWRD")
                        println("""
                            My password for $url
                            is $pswrd
                        """)
                    }
                }
            }
        

Last modified: 23 September 2022