We'll protect your secrets with the new sensitive inputs

We're rolling out support for open source projects on Bitrise and we've done a full security revision before this so that you can be sure that your secrets lie safe with us. We've introduced multiple security-related improvements, the last of which is a new type of input called sensitive.

We're rolling out support for open source projects on Bitrise and we've done a full security revision before this so that you can be sure that your secrets lie safe with us. We've introduced multiple security-related improvements, the last of which is a new type of input called sensitive.

Your secrets are not shown in the bitrise.yml and they are stored encrypted. In addition, you can prevent exposing secrets on the UI by making them protected.

Note that anyone still might be able to do a workaround and log the value of secrets with a pull request, thus we advise not to expose secrets in PRs. For this reason, Expose for Pull Requests for secrets are set to off by default.

Apart from the previously listed security features, from now on, step inputs which store secret values (like passwords, API tokens, an SSH key, etc.) can be marked as sensitive. Bitrise then will redact the values defined as secret environment variables from the build log to keep them secret.

sensitive enviromental variables

These step input values need to be defined as secret environment variables and cannot be set directly in the input fields (so if you can't find the Insert variable button in the top right, you've bumped into a sensitive input). To add them to an input field you can add them in advance or add them on the go. Click either Enter value or Select secret variable to get to the popup where you can add or choose one.

create new secret environment variable

Add your secrets in advance

Add all (or some) of them in advance by going to your apps Secrets tab and click Add new.

add a secret enviroment variable

You can add any number of secrets here. Don't forget to click Save!

Add a secret on the go

If you click either Enter value or Select secret variable without having Secrets predefined, you can create them in the popup window.

After setting a Key and a Value, Add new will create the Secret and add it to the list on the Secrets tab and insert it into the input field.

insert secret enviroment variable

Stay tuned for the open source project support to land on Bitrise!

Happy and safe building!

No items found.

Explore more topics

App development

Best practices from engineers on how to use Bitrise to build better apps, faster.

Community

Meet other Bitrise engineers, technology experts, power users, partners and join our BUGs.

Company

All the updates about Bitrise events, sponsorships, employees, and more.

Insights

Mobile development, latest tech, industry insights, and interviews with experts.

Mobile DevOps

Learn why mobile development is unique and requires a set of unique practices.

Releases

Stay tuned for the last updates, new features, and product improvements.

Get the latest from Bitrise

Join other Mobile DevOps engineers who receive regular emails from Bitrise, filled with tips, news, and best practices.