/
Secrets

Secrets

SINCE VERSION 7.0

What is a Secret?

A secret in PIPEFORCE is a piece of information you would like to share between services and systems but must stay highly confidential as much as possible.

Here are some examples of secrets:

  • An API token to access an external service.

  • A set of username and password.

  • A key to encrypt and decrypt some data.

All of these secrets must be handled very carefully. Therefore it is not a good idea to place this kind of information in the source code of your pipeline scripts or services.

Instead, you should create a secret once in PIPEFORCE and refer to it by its unique name.

The secrets are automatically stored in encrypted format.

Only the backend component which is allowed to work with the secret can then load, decrypt and use it by this name. Users and other components are not able to see it.

Create a secret

In PIPEFORCE you have two options, creating a secret:

  • Using the command secret.put

  • Using the web portal.

Format patterns

There are different format patterns of secrets possible:

  • bearer - A bearer token typically used in conjunction with JWT. Such a secret is typically placed in the header of an HTTP request. The format pattern for the secret is: Bearer: <Token>

  • header - A secret with format pattern <HeaderName>: <HeaderValue> which will be typically placed in the header of an HTTP request of commands compatible with this secret format.

  • secret-text - An arbitrary secret text to be used inside of components which are compatible with this format.

  • username-password - A set of username and password in the pattern format <Username>:<Password>.

  • oauth2-grant - since 9.5 A JSON which contains all information required to create an OAuth2 access token by calling the authorization endpoint given by x_url. The structure of the JSON is like this, whereas the required attributes depend on the grant type you're using (read the official OAuth2 documentation for this):