Information for:

# Encrypting keys and variables¶

A build definition file may need to include sensitive information, such as SSH keys or passwords that are needed to access private resources, but you do not want to include these in plain text in your build definition file. You can encrypt this sensitive information, and then use the encrypted value in a secure element in the build definition file.

You can use either the Acquia Cloud interface or the command line to encrypt your variables and keys that are to be stored with your codebase. Follow the procedures based on your selected method:

• Using the Acquia Cloud interface

2. Select the application that you want to use.
3. In the left menu, click Pipelines.
5. Click Encrypt Credentials.
6. To encrypt an environment variable, click Environment Variable, and type the name of your variable and its value into the fields provided.
7. To encrypt an SSH key, click SSH Keys, and then use one of the following methods to provide the contents of your key:
• Drag your key into the box to copy its contents; the field will turn blue to indicate when you’ve dragged it to the correct place.
• Copy and paste the contents of your key into the field.
8. Click Encrypt. The encrypted version of your information will appear in the box to the right.
9. Click the Copy icon to copy the encrypted information to your clipboard.
10. Click Close.
• Using the command line

To encrypt an SSH private key, execute the following command, replacing [~/.ssh/id_rsa] with the actual path to the SSH private key you want to encrypt:

cat [~/.ssh/id_rsa] | pipelines encrypt -


To encrypt arbitrary text (such as a password), use the following command, replacing my password (but not the enclosing quotation marks) with your text:

echo "my password" | pipelines encrypt -


Note

Additional command-line encryption examples are available in the 301 tutorial - Accessing private repositories example on GitHub.

## Placing encrypted information in your codebase¶

Encrypted SSH keys should be stored in the ssh-keys element of your acquia-pipelines.yaml file with a name of your choosing. For example:

ssh-keys:
mykey:
secure: 2acIshWAndTh1sG0esOn . . .


The decrypted SSH private key will then be available during your build.

Encrypted variables should be stored in the variables element of your acquia-pipelines.yaml file with a variable name of your choosing. For example:

variables:
global:
secure: 2acqDl…


The decrypted value will be available as an environment variable during your build.

Note

For more information about the acquia-pipelines.yaml file, see Creating and managing your build definition file.