This feature is only available in the Enterprise expansion pack
The enterprise expansion pack provides support for global secrets variables, sourced from a yaml file on your server. You should mount the secrets file into your container and specify the path to the file in your configuration.
Example server configuration:
services:
drone-server:
image: drone/drone:0.8
ports:
- 80:8000
volumes:
- /var/lib/drone:/var/lib/drone/
+ - /etc/drone-secrets.yml:/etc/drone-secrets.yml
restart: always
environment:
+ DRONE_GLOBAL_SECRETS=/etc/drone-secrets.yml
Example secrets file:
- name: docker_username
value: octocat
- name: docker_password
value: correct-horse-batter-staple
Restricting Access
Restrict access to global secrets based on repository name using the repos attribute. This is defined as an array list with glob support.
- name: docker_username
value: octocat
repos: [ octocat/hello-world, github/* ]
- name: docker_password
value: correct-horse-battery-staple
repos: [ octocat/hello-world, github/* ]
Restrict access to global secrets based on image name using the images attribute. This is defined as an array list with glob support.
- name: docker_username
value: octocat
images: [ plugins/docker, plugins/* ]
- name: docker_password
value: correct-horse-battery-staple
images: [ plugins/docker:latest, plugins/ecr:* ]
Restrict access to global secrets based on event name using the events attribute.
- name: docker_username
value: octocat
events: [ push, pull_request ]
- name: docker_password
value: correct-horse-battery-staple
events: [ push, tag ]
Any combination of restrictions can be combined.
- name: docker_username
value: octocat
repos: [ octocat/hello-world, github/* ]
events: [ push, tag ]
images: [ plugins/* ]
- name: docker_password
value: correct-horse-battery-staple
repos: [ octocat/hello-world, github/* ]
images: [ plugins/docker ]
Currently, global secrets does not support status as an attribute-based usage restriction.
Is there a mistake on this page? Please let us know or edit this page.