According to docs, you can encrypt any value in YAML config.
Also, according to docs, there are two ways of specifying env vars:
- by supplying a list of strings:
- by supplying a mapping:
So in the first case, the “value” in YAML struct is the whole
key=val string, while in the second case only
val part is a value, so you can encrypt only that thing:
While what I described is used to work, there’s a recently introduced bug applying to random repos, because they use a different version of YAML parser.
I’ve filed it here:
With a demo test:
@BanzaiMan it looks like a fairly serious bug, do you mind checking the details?