Drone.io secrets not populating in yml appropriately and documentation seems inaccurate

Question

I am running version 0.8.4 as a container in my lab. CLI is also at version 0.8.4

I am trying to use a secret in a command one of my containers is trying to run.

Following the documentation has me needing to sign a repo to allow the job to consume the secret. The drone CLI does not seem to have a drone sign command for me to run. So I create the secret with a --skip-verify=true flag. This creates the secret but when I run the job it errors out. The output in the UI shows a blank space where the secret should be injected.

Here is an excerpt of my .drone.yml where I am trying to inject secrets -s production -u ${cf_user} -p ${cf_password} --s

I have tried all the following ways to create a secret:

drone secret add <repo_name> --name <key> --value <value> --skip-verify=true

drone secret add <repo_name> --name <key> --value <value>

GUI Creation

I notice when I create an all capital name value the UI represents the value in all lowercase when the CLI shows it in capitals.

I also notice that if I include hyphens in the name and try to use that in my drone.yml the job errors out immediately with a bad substitution error.

Any help understanding what I am doing wrong would be much appreciated!

Answer 1

I got lost in the different documentation available. Should have been looking here rather than secret-guide.

In case I am not alone, I needed to add a secrects block in my pipeline.

I also needed to access them with $SECRET_KEY rather than ${SECRET_KEY}

pipeline:
  publish:
    image: governmentpaas/cf-cli
    secrets: [ cf_user, cf_password ]

Answer 2

Just a little update on this one, I stumbled over it as well because the docs are inconsistent.

In the 0.8.5 version the only thing I had to do is:

• add secrets via CLI or UI
• add secrets array to utilise it

no need to pass variables to environment.