Protect your secrets

Keep your secret env vars secret for all eternity and your files belonging to certain apps protected against downloading.

Keep your secret env vars secret for all eternity and your files belonging to certain apps protected against downloading.

From now on the secret environment variables belonging to your apps are not displayed as default, only the list of them and the keys (their names), until you set it to be otherwise. We've also added a new feature to your apps' Secrets and Code Signing tabs: a toggle called 'protected'. With this, you can make your secrets unexposable and your code signing certificates undownloadable.

You should use this feature for secrets that you want to keep secret. 😎 This can be a password that you don't want other team members to see, even if they have access to the Secrets tab. Or the CTO can set an API-key and lock it so that the developers won't be able to see it or edit it, but the build still can use it.

Secrets tab

You can add new secrets to your app under the Secrets tab. Once you save them and refresh the page, stars will appear instead of the values. (Until now, the values were always printed here.) The values will only be sent to front-end when you click the eye, if you set it protected, it'll only get sent to the build machine.

Secret keys (and their values) cannot be changed only deleted.

We've added a crossed eye icon, which will expose the secret and show the value.

Another new feature is available under the drop-down menu (...): you can Make it protected. If you set an env var protected, you cannot see the value any longer, in fact, nobody can see it any longer, deleting it is the only option remaining. If you click the button, a popup appears warning you that this action is irreversible.