Using Secrets with GitOps

How to manage and reference secrets with GitOps

If your Release account has GitOps enabled, you can edit environment variables by checking a .release/environment_variables.yaml file into your repository. See the GitOps section for more details.

Referencing Secrets in Gitops

You should follow best practices and never commit secrets in Git. Release allows you to reference secrets created in one of our Secret Vault implementations. Then you would merely reference your secret environment variables in your .release/environment_variables.yaml file:

# .release/environment_variables.yaml abridged
# Add a value to DB_PASSWORD in Release environment
  - key: DB_PASSWORD
    value: $secrets.rsm.db_password
    secret: true
  - key: DB_USERNAME
    value: this-is-not-a-secret

You can then manage secrets via the vaults that we provide.

Last updated