December 19, 2018
Sensitive Data Encryption in YAML
From this week onward, all sensitive data exported to YAML will be encrypted and salted. This includes server passwords, keys, and variables marked as encrypted. It is also possible to generate encrypted values directly in Buddy using our YAML helper.
Let's say you have a pipeline that you want to use as a template for future projects. The pipeline includes deployment actions to multiple servers, some of them secured by passwords (FTP/FTPS), some of them by SSH keys (SFTP):
To use the configuration as a template, you first need to export it to a YAML file. You can do that in the pipeline's Settings tab:
If you examine the file, you will see all sensitive data (passwords, keys, encrypted variables) is now encrypted:
Now you can use the file to safely reproduce the pipelines in any new project with the Import option in the right column of the Pipelines view.
IMPORTANT: The salt required to decrypt the data is stored in your workspace Preferences:
Salt for YAML/API encryption
The improvement also involves the YAML helper that you can use to manage and export pipeline configuration. Now, you can also use it to generate encrypted values for your
Generating YAML encrypted values
Customer Success Manager