We’ve just released (the first phase of) a new feature called Secret Envs filtering that enables managing secrets in a central location. You can now set env vars as secrets from within your Workflows, mask them, and, with a Script Step, use secrets from an external vault or your company’s own service.
So far, by default, all Secrets have been handled on the app level on Bitrise. You can reuse Secret keys across multiple Bitrise apps, even if their corresponding values are different for each app.
From now on, it is possible to set up a Secret that holds the same value for all your apps, and manage that Secret from one location. For example, if all your apps need access to the same API, it makes sense to store the Secret containing the API key in a central location. If the API key ever changes, you only need to change it in that single location and the change applies to all your Bitrise apps.
Setting up such a Secret (or multiple Secrets) requires two things:
- A central vault or database - such as HashiCorp or Doppler - to store the Secrets. It must be accessible via a CLI.
- A Script Step to access the central vault/database, pull the Secret and mark it as sensitive on Bitrise via Envman.
Read the detailed setup guide here.
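A sketch of the Script Step described in the two requirements above, added here as an example and not taken from Bitrise's own guide. It assumes the HashiCorp Vault CLI (`vault`) is installed and authenticated on the build machine, and that Envman accepts the value on stdin together with its `--sensitive` flag; the key name, vault path and field are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: pull one Secret from a central vault and register it
# in Bitrise as a sensitive env var through envman.
set -eu
set +x  # keep command tracing off so the value is never echoed to the build log

# Read FIELD at VAULT_PATH with the vault CLI and store it as sensitive env var KEY.
# Assumes VAULT_ADDR and VAULT_TOKEN are already available to the step.
export_central_secret() {
  local key="$1" vault_path="$2" field="$3" value

  # Fail closed: a vault error must stop the build, not produce an empty Secret.
  if ! value="$(vault kv get -field="$field" "$vault_path")"; then
    echo "error: could not read '$field' from '$vault_path'" >&2
    return 1
  fi
  if [ -z "$value" ]; then
    echo "error: '$field' at '$vault_path' is empty" >&2
    return 1
  fi

  # Pass the value on stdin instead of --value so it does not appear in argv.
  printf '%s' "$value" | envman add --key "$key" --sensitive
  echo "exported $key (value hidden)"
}

# Constructed sample call; runs only on a Bitrise build machine.
if [ "${BITRISE_IO:-}" = "true" ]; then
  export_central_secret SHARED_API_KEY secret/mobile/shared api_key
fi
```

Steps that run after this one in the same Workflow can read `SHARED_API_KEY` like any other env var.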