Secrets and Parameters

Secrets and parameters are project-wide variables that you can use in your Automation scripts:

Secrets – variables stored in the AES-encrypted format. For example, credentials to an external service.
Once you delete a secret from a project, it is instantly deleted from the storage (if there are running jobs that use the secret, it will be deleted once the jobs finish running).
Parameters – variables that are frequently used throughout your Automation scripts. For example, a URL of an external service.

Creating secrets and parameters

Open the desired project.
On the project sidebar menu, choose Project Settings → Secrets and Parameters.
Click New secret or New parameter to create a parameter or a secret correspondingly.
Specify
- Key: a variable name. You will use this name to reference this variable in your scripts.
- Value: a variable value.
Note the limitations:
- Secrets and parameters exist only in a scope of a particular project. So, if you create a secret or a parameter in one project, you cannot use them in other projects.
- Keys of secrets and parameters must be unique within a project. A secret and a parameter with the same key are also not allowed.
- A key must be no longer than 128 characters and can only contain alphanumeric characters ([a-z], [A-Z], [0-9]), dashes (-), or underscores (_).
- Keys are case-insensitive.
- Max secret's or parameter's value size is 30KB. Note that the max total size of all container arguments, environment variables, secrets, and parameters is also limited by 30KB. For example, if you provide a secret of 30KB and an argument of 1KB to a step, the step will fail.

Using secrets and parameters

Using Secrets and Params, assign a secret or a parameter value to a container environment variable.
Use the environment variable inside shellScript or kotlinScript.
Make sure your script does not print the value. Otherwise, it will be visible in job logs.

For example:

            job("Secrets and params") {
                // get secret and parameter in a shell script
                container(displayName = "Show pwd", image = "ubuntu") {
                    env["URL"] = Params("bintray-repo-url")
                    env["PSWRD"] = Secrets("bintray-repo-password")

                    shellScript {
                        content = """
                            echo My password for ${'$'}URL
                            echo is  ${'$'}PSWRD
                        """
                    }
                }

                // get secret and parameter in Kotlin code
                container(displayName = "Show pwd", image = "ubuntu") {
                    env["URL"] = Params("bintray-repo-url")
                    env["PSWRD"] = Secrets("bintray-repo-password")

                    kotlinScript {
                        val url = System.getenv("URL")
                        val pswrd = System.getenv("PSWRD")
                        println("""
                            My password for $url
                            is $pswrd
                        """)
                    }
                }
            }
        

Last modified: 18 August 2021