Global Secrets

The enterprise edition supports global secrets, sourced from a YAML file on your server. Mount the secrets file into your container and specify the path to it in your configuration.

services:
  drone-server:
    image: drone/drone:0.7
    ports:
      - 80:8000
    volumes:
      - /var/lib/drone:/var/lib/drone/
      - /etc/drone-secrets.yml:/etc/drone-secrets.yml  # added: mount the secrets file
    restart: always
    environment:
      - DRONE_GLOBAL_SECRETS=/etc/drone-secrets.yml  # added: path to the secrets file inside the container

Example secrets file:

- name: docker_username
  value: octocat
- name: docker_password
  value: correct-horse-battery-staple

Restricting Access

Restrict access to global secrets based on repository name using the repos attribute. This is defined as a list of repository names with glob support.

- name: docker_username
  value: octocat
  repos: [ octocat/hello-world, github/* ]
- name: docker_password
  value: correct-horse-battery-staple
  repos: [ octocat/hello-world, github/* ]

Restrict access to global secrets based on image name using the images attribute. This is defined as a list of image names with glob support.

- name: docker_username
  value: octocat
  images: [ plugins/docker, plugins/* ]
- name: docker_password
  value: correct-horse-battery-staple
  images: [ plugins/docker:latest, plugins/ecr:* ]

Both restrictions can be combined.

- name: docker_username
  value: octocat
  repos: [ octocat/hello-world, github/* ]
  images: [ plugins/* ]
- name: docker_password
  value: correct-horse-battery-staple
  repos: [ octocat/hello-world, github/* ]
  images: [ plugins/docker ]
