Secrets in YAML

  1. Define sensitive data in the GUI with environment variables and use variable keys instead of real values
  2. Encrypt the value using Buddy Encryption Tool and provide the encrypted value in the YAML file

Using encrypted variables in YAML

Here we'll show you how to define a password with encrypted variables in YAML, using the SFTP action as an example.

  1. Open the Variables, Keys & Assets tab in your project and click Add to create a new variable:

[Image: Variables tab]

  2. Add a new variable and mark it as encrypted:

Fill in the Name and Value fields, then check the Masked option to encrypt the variable. You can also check Settable if the variable is to be overwritten. Select the Scope (Workspace, Project, Pipeline) and optionally add a description.

Finally, click Add this variable to save it.

[Image: Adding encrypted variable]

  3. With the variable defined, you can now use it in the YAML file:

[Image: Buddy YAML with password variable]

When you define a variable and use it in a YAML file, Buddy automatically encrypts sensitive data such as passwords – as shown in the second image.

[Image: Buddy YAML with secure password value]

Using encrypted variables in YAML with Buddy Encryption Tool

We shall use the same SFTP action to explain how to define a password with an encrypted value.

  1. Navigate to the YAML tab of the pipeline. Click on Helpers and select Encrypt:

[Image: Generating new encrypted value]

  2. Enter the value and click Insert value to automatically add the encrypted string to the configuration, or use Copy value to copy it manually and paste it into the YAML file.

[Image: Setting new encrypted value]

Warning
The salt used to encrypt the values is unique to each workspace. If you change it, you will need to change all encrypted values in your YAML files. The value should be changed only when you move your pipelines with the export/import option – either to another workspace, or from Cloud to the self-hosted version.
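
A check that both approaches above are actually followed before a YAML file is committed, as an added example (not part of the original page or Buddy's own tooling): it flags sensitive keys whose value is a literal rather than a variable key or an encrypted value. The list of sensitive key names, the `$NAME` / `${NAME}` variable syntax and the `secure!` prefix on encrypted values are assumptions, since the page's screenshots are not available; adjust them to match your files.

```python
import re

# Assumptions (not from the page): the key names treated as sensitive, the
# "$NAME" / "${NAME}" variable syntax, and the "secure!" prefix on encrypted values.
SENSITIVE_KEY = re.compile(r"(password|passphrase|secret|token|api_key)", re.I)
VARIABLE_REF = re.compile(r"^\$\{?[A-Za-z_][A-Za-z0-9_.]*\}?$")
ENCRYPTED_PREFIX = "secure!"
KEY_VALUE = re.compile(r"^\s*(?:-\s+)?([A-Za-z0-9_]+)\s*:\s*(.*?)\s*$")


def strip_yaml_scalar(raw):
    """Drop a trailing comment and surrounding quotes from a simple scalar."""
    if raw[:1] in ("'", '"'):
        end = raw.find(raw[0], 1)
        return raw[1:end] if end != -1 else raw[1:]
    return raw.split(" #", 1)[0].strip()


def find_plaintext_secrets(yaml_text):
    """Return (line_number, key) for sensitive keys holding a literal value."""
    findings = []
    for number, line in enumerate(yaml_text.splitlines(), start=1):
        if line.lstrip().startswith("#"):
            continue
        match = KEY_VALUE.match(line)
        if not match or not SENSITIVE_KEY.search(match.group(1)):
            continue
        value = strip_yaml_scalar(match.group(2))
        if not value:  # empty or a nested mapping: nothing to judge on this line
            continue
        if VARIABLE_REF.match(value) or value.startswith(ENCRYPTED_PREFIX):
            continue
        findings.append((number, match.group(1)))
    return findings


# Constructed sample, not a real pipeline definition.
SAMPLE = """\
actions:
  - action: "Upload to staging"
    password: "$SFTP_PASSWORD"
  - action: "Upload to production"
    password: "secure!Q29uc3RydWN0ZWQ="
  - action: "Upload to legacy host"
    password: "hunter2-constructed"   # literal value: should be flagged
"""

if __name__ == "__main__":
    for number, key in find_plaintext_secrets(SAMPLE):
        print(f"line {number}: '{key}' holds a literal value")
```

Run as a pre-commit or CI step, a non-empty result from `find_plaintext_secrets` is the signal to move the value into a variable or encrypt it before the file is pushed.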

Last modified on Jul 4, 2025