Sensitive Data Encryption in YAML

December 19, 2018

Sensitive Data Encryption in YAML

From this week onward, all sensitive data exported to YAML will be encrypted and salted. This includes server passwords, keys, and variables marked as encrypted. It is also possible to generate encrypted values directly in Buddy using our YAML helper.

Pipeline Data

Let's say you have a pipeline that you want to use as a template for future projects. The pipeline includes deployment actions to multiple servers, some of them secured by passwords (FTP/FTPS), some of them by SSH keys (SFTP):

Pipeline examplePipeline example

To use the configuration as a template, you first need to export it to a YAML file. You can do that in the pipeline's Settings tab:

Exporting settingsExporting settings

If you examine the file, you will see all sensitive data (passwords, keys, encrypted variables) is now encrypted:

YAML encryptionYAML encryption

Now you can use the file to safely reproduce the pipelines in any new project with the Import option in the right column of the Pipelines view.

IMPORTANT: The salt required to decrypt the data is stored in your workspace Preferences:

Salt for YAML/API encryptionSalt for YAML/API encryption

YAML Helper

The improvement also involves the YAML helper that you can use to manage and export pipeline configuration. Now, you can also use it to generate encrypted values for your buddy.yml:

Generating YAML encrypted valuesGenerating YAML encrypted values

Click here to learn more about YAML configuration in Buddy.
Buddy is 100% customer driven. If there’s a feature or integration you miss, let us know in the comments below or directly at


Alexander Kus

Alexander Kus

Customer Success Manager

A story-teller and conversation-lover, Alexander decided to invest his skills to help his friends at Buddy transform the cold language of patch notes into exciting narratives. Also: an avid gamer, hip-hop DJ, Liverpool FC fan, absentminded husband, and the father of two.