Secrets are loaded as environment variables in your workflow (not jobs). If you need to use them in a job, you can pass them as arguments to the command.
Restrict secrets to specific branches using environments to keep them safe. Since secrets load as environment variables, anyone editing the workflow could expose them.
Creating a Secret
Navigate to the Secrets page in your project and click on the New Secret button.
Sensitive Secrets
If you mark a secret as sensitive, you won't be able to view the value again (in our dashboard).
Since all our variables are decrypted for your workflow, you still need to be careful with sensitive secrets.
Environments
Environments are a way to restrict which branches can access secrets.
Navigate to the Environments page in your project and click on the New Environment button.
We use glob patterns to match branches. For example, feature/* will match all branches that start with feature/.
Limits
Variables are limited to 64KB in size. If you need to store more data please reach out to our support team.