--- title: "Encrypting keys and variables" date: "2024-02-14T06:18:38+00:00" summary: "Securely encrypt sensitive information like SSH keys and passwords for your build definition files. Learn step-by-step methods using the Cloud Platform interface or command line to protect and utilize encrypted data in your codebase." image: type: "page" url: "/acquia-cloud-platform/encrypting-keys-and-variables" id: "1a37228e-ab41-48c3-9a86-c96d7ecd3006" --- A build definition file may need to include sensitive information, such as SSH keys or passwords that are needed to access private resources, but you do not want to include these in plain text in your build definition file. You can encrypt this sensitive information, and then use the encrypted value in a `secure` element in the build definition file. Encrypting your information --------------------------- You can use either the Cloud Platform interface or the command line to encrypt your variables and keys that are to be stored with your codebase. Follow the procedures based on your selected method: ### Using the Cloud Platform interface 1. [Sign in to the Cloud Platform user interface](/node/55875). 2. Select the application that you want to use. 3. In the left menu, click **Pipelines**. 4. Click **More Links**. ![More Links icon](https://acquia.widen.net/content/r8aa52dj5k/png/pipelines_more-links-icon.png?crop=false&position=c&color=ffffffff&u=0b06mk&w=414&h=164) 5. Click **Encrypt Credentials**. 6. To encrypt an environment variable, click **Environment Variable**, and type the name of your variable and its value into the fields provided. 7. To encrypt an SSH key, click **SSH Keys**, and then use one of the following methods to provide the contents of your key: * Drag your key into the box to copy its contents; the field will turn blue to indicate when you’ve dragged it to the correct place. * Copy and paste the contents of your key into the field. 8. Click **Encrypt**. The encrypted version of your information will appear in the box to the right. 9. Click the **Copy** icon to copy the encrypted information to your clipboard. 10. Click **Close**. ### Using the command line * To encrypt an SSH private key, execute the following command, replacing `[~/.ssh/id_rsa]` with the actual path to the SSH private key you want to encrypt: cat [~/.ssh/id_rsa] | pipelines encrypt - * To encrypt arbitrary text (such as a password), use the following command, replacing `my password` (but not the enclosing quotation marks) with your text: echo "my password" | pipelines encrypt - You are now ready to add your encrypted information to your code repository. Placing encrypted information in your codebase ---------------------------------------------- Regardless of what encrypted information you are adding to your codebase, after adding the information, be sure to commit your changes to your code repository. Encrypted SSH keys should be stored in the `ssh-keys` element of your `acquia-pipelines.yaml` file with a name of your choosing. For example: ssh-keys: mykey: secure: 2acIshWAndTh1sG0esOn . . . The decrypted SSH private key will then be available during your build. Important The default format of SSH keys generated by OpenSSH version 7.8 or later is incompatible with Pipelines. For more information, see [this known issue](/acquia-cloud-platform/features/pipelines/known-issues#known-pipelines-openssh). Encrypted variables should be stored in the `variables` element of your `acquia-pipelines.yaml` file with a variable name of your choosing. For example: variables: global: PASSWORD: secure: 2acqDl… The decrypted value will be available as an environment variable during your build. Note For more information about the `acquia-pipelines.yaml` file, see [Creating and managing your build definition file](/acquia-cloud-platform/features/pipelines/yaml). For more information about default environment variables available to you, see [Default environment variables in Pipelines](/acquia-cloud-platform/features/pipelines/variables). Example build definition files are available at [Example Pipelines build definition files](/acquia-cloud-platform/features/pipelines/yaml/examples).