19 December 2018

Sensitive Data Encryption in YAML

Sensitive Data Encryption in YAML

From this week onward, all sensitive data exported to YAML will be encrypted and salted. This includes server passwords, keys, and variables marked as encrypted. It is also possible to generate encrypted values directly in Buddy using our YAML helper.

Pipeline Data

Let's say you have a pipeline that you want to use as a template for future projects. The pipeline includes deployment actions to multiple servers, some of them secured by passwords (FTP/FTPS), some of them by SSH keys (SFTP):

Pipeline example

To use the configuration as a template, you first need to export it to a YAML file. You can do that in the pipeline's Settings tab:

Exporting settings

If you examine the file, you will see all sensitive data (passwords, keys, encrypted variables) is now encrypted:

YAML encryption

Now you can use the file to safely reproduce the pipelines in any new project with the Import option in the right column of the Pipelines view.

IMPORTANT: The salt required to decrypt the data is stored in your workspace Preferences:

Salt for YAML/API encryption

YAML Helper

The improvement also involves the YAML helper that you can use to manage and export pipeline configuration. Now, you can also use it to generate encrypted values for your buddy.yml:

Generating YAML encrypted values

Click here to learn more about YAML configuration in Buddy.

Buddy is 100% customer driven. If there’s a feature or integration you miss, let us know in the comments below or directly at support@buddy.works.

Buddy Makes Developers Happier

You use lots of tools to get web & app development done. Buddy creates more time in your day by helping you automate those tools.

Sign up for free with

Six Flags
Public Health England