running tests that rely on a secret

christopher's Avatar


16 Mar, 2015 03:24 AM

I have some integration tests that need a connection string.
I read about the secure env variable in the appveyor.yml, but I understand that those are not used on pull requests.
I specifically want the integration tests to run for pull requests.
I thought that perhaps I can set in them in the dashboard, but I'm under the impression that I can't do that if I'm using the appveyor.yml (which is my preference).
Is there another option? What is the recommended approach?
(Also, I am assuming the the env var are set at the process level. Is that correct?)

  1. Support Staff 1 Posted by Feodor Fitsner on 16 Mar, 2015 05:50 AM

    Feodor Fitsner's Avatar

    Secure environment variables can be used in pull requests, but with private projects only. In public projects where anyone could send pull request it's impossible to hide something unless this something is built-in into AppVeyor Build Agent. Someone could submit along with PR malicious build script listing environment variables, registry settings, file or even do a memory dump.

    Vars are set on process level and by default they are inherited by all child processes. Parent (or root) process here is AppVeyor build agent.

  2. christopher closed this discussion on 21 May, 2015 04:59 PM.

Comments are currently closed for this discussion. You can start a new one.

Keyboard shortcuts


? Show this help
ESC Blurs the current field

Comment Form

r Focus the comment reply box
^ + ↩ Submit the comment

You can use Command ⌘ instead of Control ^ on Mac