- Do you want to request a feature or report a bug?
It's a feature !
- What is the current behavior?
Not being able to store secret credentials in Netlify
- What is the expected behavior?
Being able to store encrypted credentials to external services like an API key.
@DirtyF I've been thinking about the same thing! Basically a command to sync the build environment variables stored in Netlify's UI with a local .env file.
Truth is this feature was asked by @pixelastic because you need to pass Algolia's credentials 馃攽 to build you search index and push it to your account 猬嗭笍 .
Thanks for the issue @DirtyF :)
What I was actually looking for was a way to define secret environment variables for public repos.
I can't put them in netlify.toml as they will be publicly visible. I could put them in my env variables through the UI and they will be hidden... until someone submits a PR with a deploy preview and a malicious script to display them.
Just to confirm, this request is to specifically support better ENV secrete management in our builds bots, similar to what appveyor and travis have, correct?
I definitely agree with you, this is critical. This is a platform level change we are current interested in and tracking. Since this doesn't appear to be specifically related to the CLI, I'm going to close this issue. If I've left something CLI specific unaddressed, please let me know and we can re-open. I'm going to do some research to see how far off this is and if its not coming soon, we can perhaps explore a cli related solution.
Just to confirm, this request is to specifically support better ENV secrete management in our builds bots, similar to what appveyor and travis have, correct?
Yes, this is what I was looking for
Most helpful comment
Thanks for the issue @DirtyF :)
What I was actually looking for was a way to define secret environment variables for public repos.
I can't put them in
netlify.tomlas they will be publicly visible. I could put them in my env variables through the UI and they will be hidden... until someone submits a PR with a deploy preview and a malicious script to display them.