buildkite-agent secret
The buildkite-agent secret command allows you to query and retrieve secrets from Buildkite secrets storage. This command is useful for fetching secrets that are required by your build scripts, without having to configure third-party secret management systems.
Getting a secret
Usage
buildkite-agent secret get [key] [options...]
Description
Gets a secret from Buildkite secrets and prints it to stdout. The key
specified in this command is the key's name defined for the secret in its
cluster. The key's name is case insensitive in this command, and the
key's value is automatically redacted in the build logs.
Examples
The following examples reference the same Buildkite secret key:
$ buildkite-agent secret get deploy_key
$ buildkite-agent secret get DEPLOY_KEY
Options
--job value #
|
Which job should should the secret be for |
|---|---|
--skip-redaction #
|
Skip redacting the retrieved secret from the logs. Then, the command will print the secret to the Job's logs if called directly. |
--agent-access-token value #
|
The access token used to identify the agent |
--endpoint value #
|
The Agent API endpoint (default: " |
--no-http2 #
|
Disable HTTP2 when communicating with the Agent API. |
--debug-http #
|
Enable HTTP debug mode, which dumps all request and response bodies to the log |
--no-color #
|
Don't show colors in logging |
--debug #
|
Enable debug mode. Synonym for `--log-level debug`. Takes precedence over `--log-level` |
--log-level value #
|
Set the log level for the agent, making logging more or less verbose. Defaults to notice. Allowed values are: debug, info, error, warn, fatal (default: "notice") |
--experiment value #
|
Enable experimental features within the buildkite-agent |
--profile value #
|
Enable a profiling mode, either cpu, memory, mutex or block |