We’ll protect your secrets with the new sensitive inputs on Bitrise

Bitrise
Aug 31, 2018 · 3 min read

We’re rolling out support for open source projects on Bitrise, and we’ve done a full security revision beforehand so that you can be sure your secrets are safe with us. We’ve introduced multiple security-related improvements, the last of which is a new type of input called sensitive.

Your secrets are not shown in the bitrise.yml and they are stored encrypted. In addition, you can prevent exposing secrets on the UI by making them protected.

Note that anyone might still be able to work around this and log the value of secrets with a pull request, so we advise against exposing secrets in PRs. For this reason, Expose for Pull Requests is set to off by default for secrets.

Apart from the previously listed security features, from now on, step inputs which store secret values (like passwords, API tokens, an SSH key, etc.) can be marked as sensitive. Bitrise will then redact the values defined as secret environment variables from the build log to keep them secret.
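A sketch of the redaction described above, added here as an illustration and not Bitrise's own code: it masks the values of secret environment variables wherever they appear in build log lines. The names `build_redactor` and `redact_log`, the `[REDACTED]` marker, and the sample secrets and log lines are all constructed for this example.

```python
import re

REDACTED = "[REDACTED]"  # marker chosen for this example


def build_redactor(secrets):
    """Return a function that masks every secret value inside a log line."""
    fragments = set()
    for value in secrets.values():
        # A multi-line secret (an SSH key, say) reaches the log line by line,
        # so every non-blank line of it is masked on its own.
        for part in value.splitlines():
            if part.strip():
                fragments.add(part.strip())
    if not fragments:
        return lambda line: line
    # Longest first: when one secret is a prefix of another, the longer one
    # must win, otherwise its tail would stay readable in the log.
    ordered = sorted(fragments, key=len, reverse=True)
    pattern = re.compile("|".join(re.escape(f) for f in ordered))
    return lambda line: pattern.sub(REDACTED, line)


def redact_log(lines, secrets):
    """Mask all secret values in a list of build log lines."""
    redact = build_redactor(secrets)
    return [redact(line) for line in lines]


# Constructed sample data: secret environment variables and build output.
SAMPLE_SECRETS = {
    "API_TOKEN": "tok_constructed_12345",
    "API_TOKEN_LONG": "tok_constructed_12345_extra",
    "SSH_KEY": "-----BEGIN CONSTRUCTED KEY-----\nQUJDREVGR0g=\n"
               "-----END CONSTRUCTED KEY-----\n",
    "EMPTY": "",  # empty values are skipped so they cannot match everywhere
}
SAMPLE_LOG = [
    "curl -H 'Authorization: Bearer tok_constructed_12345' https://example.invalid/upload",
    "token=tok_constructed_12345_extra",
    "QUJDREVGR0g=",
    "Build finished",
]

if __name__ == "__main__":
    for line in redact_log(SAMPLE_LOG, SAMPLE_SECRETS):
        print(line)
```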

These step input values need to be defined as secret environment variables and cannot be set directly in the input fields (so if you can’t find the Insert variable button in the top right, you’ve bumped into a sensitive input). To add them to an input field, you can either add them in advance or add them on the go. Click either Enter value or Select secret variable to get to the popup where you can add or choose one.

Add your secrets in advance

Add all (or some) of them in advance by going to your app’s Secrets tab and clicking Add new.

You can add any number of secrets here. Don’t forget to click Save!

Add a secret on the go

If you click either Enter value or Select secret variable without having Secrets predefined, you can create them in the popup window.

After setting a Key and a Value, Add new will create the Secret and add it to the list on the Secrets tab and insert it into the input field.

Stay tuned for the open source project support to land on Bitrise!

Happy and safe building!

Originally published on the Bitrise Blog.
