Skip to main content
  • Home
  • API
  • Managing Secrets with the API

Managing Secrets with the API

This guide describes how to manage your secrets with the Bitrise API. If you’d like to learn more about how to do the same on the UI, check out Secrets.

Table 1. Endpoints related to Secrets

Endpoints

Function

Required role on the app's team

GET/apps/{app-slug}/secrets

Get a list of Secrets of a specified app.

Owner or Admin

GET/apps/{app-slug}/secrets/{secret-name}/value

Get the value of an (unprotected) Secret.

Owner or Admin

PUT/apps/{app-slug}/secrets/{secret-name}

Create or update a Secret.

Owner or Admin

DELETE/apps/{app-slug}/secrets/{secret-name}

Delete a Secret.

Owner or Admin

Viewing the Secrets of an app

Required role

You must have an admin or owner role on the app's team to view Secrets using the Bitrise API.

For a complete list of user roles and role cheatsheets, check User roles on app teams.

You can view the Secrets of an app with the help of the API.

You can get a list of all the Secrets of an app with the GET/apps/{app-slug}/secrets endpoint.

You can view a specific Secret if its is_protected value is set to false.

Example 1. Viewing an app's Secret called "test"

Request:

curl -X GET -H  'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/APP-SLUG/secrets/test/value'

The response will give the value of the Secret if its is_protected value is set to false:

{
  "value": "123ld"
}

Creating or updating Secrets

Required role

You must have an admin or owner role on the app's team to create/update Secrets using the Bitrise API.

For a complete list of user roles and role cheatsheets, check User roles on app teams.

You can create or update Secrets using the PUT method of the secrets endpoint.

If a Secret does not exist with the secret-name you provide, a new Secret will be created. If the Secret already exists, it will be updated with the new values you provided.

The required parameter are:

  • app slug

  • secret's name

Optional parameters are:

  • expand_in_step_inputs: Set to true if you want Bitrise CLI to expand Secret before passing it on to Steps.

  • is_exposed_for_pull_requests: Set to true if you want Secret to be exposed for pull requests.

  • is_protected: Set to true if you want your Secret's value to be protected. (You will not be able to view Secret's value using the GET method.)

  • value: The value stored in the Secret.

Example 1. Creating a new Secret called "test"

Request:

curl -X PUT -H 'Authorization: THE-ACCESS-TOKEN' 'https://api.bitrise.io/v0.1/apps/THE-APP-SLUG/secrets/test' -d '{"expand_in_step_inputs": true, "is_exposed_for_pull_requests": true, "is_protected": false, "value": "123ld2"}'

In this section:

A Secret is a specific type of Environment Variable: they hide their information in an encrypted format and their value is not exposed in the build logs nor in the bitrise.yml configuration. You can store confidential information, such as passwords or API keys as Secrets.