Every secret environment variable (secret env var) is an env var but not every environment variable (env var) is a secret env var!
About Env Vars ⚓
In your Workflow Editor, you can set an env var with a key and a value in the Env Vars tab which is a collection of all the env vars registered for your app. Env vars can be referenced as many times as you wish in any of your workflow steps, unless you set it only for a specific workflow.
Check out our short youtube tutorial on how to insert variables in step inputs!
If you click the insert variable button next to any step input field in your workflow, you can select the suitable env var from the Insert variable pop-up window. This interactive list displays all the available env vars you have set in the Env Varstab and those that have been already generated by previous steps in the workflow.
As an example, if you click into an input of the third step of your workflow, the Insert variable list will include all the env vars (outputs) generated by the first and second steps, and the ones you have registered in Env Vars. The list will not show those which will be generated by the fourth, fifth, sixth steps.
You can also replace the variable for a new one in Env Vars. Delete the old value and set the new one. If you toggle the Replace variables in inputs to the right, the new value will be used everywhere in your workflow.
Contrary to secret env vars, env vars are fully exposed in builds triggered by pull requests so you should not add any sensitive information to Env Vars.
Setting an env var in every/in a specific workflow ⚓
Under App Environmental Variables, you can set all the env vars you wish to use later on in all your workflows.
You can set env vars for any of your workflows separately as well. If you wish to set an env var with a variable which will be only used in a particular workflow, then select the respective workflow from the list and add the env var there. The list is comprised of the workflows you named for your app. (In this example below, the app has a deploy, primary and dummy workflow.)
Check out our list of Available Environment Variables exposed by Bitrise CLI and bitrise.io.
About Secrets ⚓
Secret env vars are special type of env vars as they hide information in an encrypted format so that your private input is not exposed in the build logs/bitrise.yml. Secret env vars can be set by adding the env var key and the variable in the Secrets tab of the Workflow Editor.
You can replace the variable for a new one in Secrets by clicking the eye icon, manually deleting the old value and setting the new one. (Do not use the orange Delete button as it will delete the whole row!)
If you toggle the Replace variables in inputs to the right, the new value will be used everywhere in your workflow.
The Expose for Pull Request can be enabled if you want your secrets to be exposed in your build logs in PRs.
Head over to Secrets for more information on secret filtering.
Hiding values in Secrets tab ⚓
You can show and hide the value of an env var with the eye icon. This feature is useful if you have a long list of secret env vars in Secrets and you wish to check the value of only one secret env var while leaving the other values hidden. If a value is hidden, it’s represented with the crossed out eye icon.
Select Make it protected by clicking the 3 dots ... next to the value. Once you set a value to this status, you will see a lock, meaning neither you nor anybody with the access to the app can “unlock”/check the value again. Since this change is irreversible, a confirmation pop-up window will be displayed prior to saving your changes.
