secure variables

tom stevens's Avatar

tom stevens

22 May, 2018 07:39 PM

I am having trouble with access to a secure variable. Sometimes the variable seems to be available and other times not. I am always trying to use it in deploy_script.
In the first method I generate a token at, then encrypt it at, then insert it in appveyor.yml as shown on that page.
1. Not really an appveyor question, but do you know if the token from github is repository specific, i.e. is it good at all repositories I own and repositories I am a collaborator on?
2. When I encrypt the token, is that encryption repository specific or should it be good for all repositories I own or am a collaborator on?
3. Is the token encryption user specific? If a build is triggered by another collaborator, different from the one that generated and encrypted the token, can that build decrypt the token I generated and encrypted and placed in the shared appveyor.yml file?

In the second method I set an locked environmental variable in*****/settings on the environment pane. The Github repository on the general pane is
someoneelse/collabproject, i am a collaborator but not the owner.
Will this work when the owner or other collaborator triggers builds, or do they need to also setup the variable in their settings for this repository?

  1. Support Staff 1 Posted by Ilya Finkelshte... on 22 May, 2018 10:35 PM

    Ilya Finkelshteyn's Avatar

    Hi Tom,

    • Reason you are not seeing secure variables available sometimes is probably becase they are not allowed in Pull requests for security reasons. Some details in the bottom of this part of documentation. There is a UI-only option Enable secure variables in Pull Requests from the same repository only for public projects and both Enable secure variables in all Pull Requests and Enable secure variables in Pull Requests from the same repository onlyfor private projects.

    • GitHub token is not repository specific, at least per my knowledge.

    • Encryption of secure variable is specific to AppVeyor account and unrelated to GitHub. As long as project belong to the account, and build is not a PR, build can decrypt the token.

    • Encrypting variable in UI will works too, as long as your role allows to update project setting. Common mistake here is double-encryption. If you use UI and "lock", paste clear text variable and then press "lock". Do not encrypt it with in this case.

    • What are you trying to script? Maybe you can use 1st class GitHub deployment support?

Reply to this discussion

Internal reply

Formatting help / Preview (switch to plain text) No formatting (switch to Markdown)

Attaching KB article:


Attached Files

You can attach files up to 10MB

If you don't have an account yet, we need to confirm you're human and not a machine trying to post spam.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac


18 Aug, 2018 11:54 AM
18 Aug, 2018 12:13 AM
17 Aug, 2018 06:02 PM
17 Aug, 2018 04:26 PM
17 Aug, 2018 04:04 PM
17 Aug, 2018 06:31 AM