Home → Questions →

Using environment variables for (secure) S3 key material

• Edit

glandium

15 May, 2016 09:43 AM

I'd rather rotate S3 deployment keys through settings instead of through version control (there are several reasons to prefer that), so I tried some configuration like the following:

deploy:
  - provider: S3
    access_key_id:
      secure: $(ARTIFACTS_KEY)
    secret_access_key:
      secure: $(ARTIFACTS_SECRET)
    bucket: $(ARTIFACTS_BUCKET)
(...)

And setting the ARTIFACTS_* variables through the appveyor settings, but it doesn't seem to work for the key and secret (it works for the bucket name). Is there a way to make this work?

1. Support Staff 1 Posted by Feodor Fitsner on 15 May, 2016 06:05 PM

   

   It should be:

     - provider: S3 
       access_key_id: $(ARTIFACTS_KEY) 
       secret_access_key: $(ARTIFACTS_SECRET) 
       bucket: $(ARTIFACTS_BUCKET)
   

   • Edit

2. 2 Posted by glandium on 15 May, 2016 11:20 PM

   

   This requires setting the variables in plain text in the settings, doesn't it?

   • Edit

3. Support Staff 3 Posted by Feodor Fitsner on 15 May, 2016 11:22 PM

   

   No, just tick "lock" sign on them (you are configuring them on UI, right?). "Secure" variables behave as regular environment variables except they are not set during PR builds.

   • Edit

4. 4 Posted by glandium on 15 May, 2016 11:41 PM

   

   I'm configuring them in the UI, indeed. So to be clear, I need to enter them in plain text and use the lock sign?

   • Edit

5. Support Staff 5 Posted by Feodor Fitsner on 15 May, 2016 11:42 PM

   

   Correct.

   • Edit

6. Ilya Finkelshteyn closed this discussion on 25 Aug, 2018 02:06 AM.