How to use secret keys with pipelines?


In my repo, I have a `` file which I do not commit to Bitbucket. Inside that, I have AWS_SECRET and etc.

Then I do like `keys.AWS_SECRET` to access those keys.

How do I do that so that I can still test using pipelines without changing much to my codebase?



2 answers

1 vote

Hi Moe,

You can use a secured environment variable for to achieve this.

The variable value will be masked from all log output if you mark it as a "secured" variable on creation. 

By the sounds of it, the only thing you will have to change is that you read in these values as an environment variable, instead of from a file. 


0 votes

I had added this as a comment to Philip's answer, but the code sections don't seem to display correctly in a comment.

If you really want to minimise the changes to your code you could try putting your entire "" file into a single secure variable by base64-encoding it.

base64 <

Paste the output of that command into the value of a secure variable named "KEYS_PY" and then in your bitbucket-pipelines.yml script:

echo $KEYS_PY | base64 --decode >

This may or may not work depending on how large "" is.


In my case this was needed:

echo "$KEYS_PY" | base64 --decode >

(including " ").

Suggest an answer

Log in or Sign up to answer
Community showcase
Published Nov 06, 2018 in Bitbucket

Upgrade Best Practices

Hello! My name is Mark Askew and I am a Premier Support Engineer for products Bitbucket Server/Data Center, Fisheye & Crucible. Today, I want to bring the discussion that Jennifer, Matt, and ...

678 views 5 9
Read article

Atlassian User Groups

Connect with like-minded Atlassian users at free events near you!

Find a group

Connect with like-minded Atlassian users at free events near you!

Find my local user group

Unfortunately there are no AUG chapters near you at the moment.

Start an AUG

You're one step closer to meeting fellow Atlassian users at your local meet up. Learn more about AUGs

Groups near you