mirror of https://github.com/renovatebot/renovate
100 lines
3.6 KiB
Markdown
100 lines
3.6 KiB
Markdown
# Using secrets with Mend cloud Apps
|
|
|
|
The information on this page is for the Mend-hosted cloud apps:
|
|
|
|
- Renovate App on GitHub
|
|
- Mend App on Bitbucket
|
|
- Mend App on Azure DevOps
|
|
|
|
If you self-host, you can skip reading this page.
|
|
|
|
## :warning: Migrate secrets in your Renovate config file :warning:
|
|
|
|
Use of encrypted secrets in the Mend Renovate cloud apps has been deprecated and soon the apps will stop reading secrets from the Renovate config file in your repository.
|
|
You must migrate any secrets you currently keep in the Renovate config file, and put them in the app settings page on [developer.mend.io](https://developer.mend.io).
|
|
To add secrets you must have admin-level rights.
|
|
|
|
Read [Migrating encrypted secrets from Repo Config to App Settings](migrating-secrets.md) to learn more.
|
|
|
|
## Managing secrets for the Mend-hosted cloud apps
|
|
|
|
This section explains how you manage secrets for the Mend-hosted cloud apps.
|
|
If you self-host you do not need this section.
|
|
|
|
### Adding a secret
|
|
|
|
To add a secret for the Mend cloud app:
|
|
|
|
1. Go to the web UI at [developer.mend.io](https://developer.mend.io).
|
|
2. Open your organization/repository settings.
|
|
3. Put the secret in the _Credentials_ section:
|
|
|
|
![Credentials settings page](../assets/images/app-settings/app-credentials.png)
|
|
|
|
4. Reference the secret from Renovate config files inside the repo.
|
|
Alternatively, you can use the Host Rules UI (see below).
|
|
|
|
```json
|
|
{
|
|
"hostRules": [
|
|
{
|
|
"matchHost": "github.com",
|
|
"token": "{{ secrets.MY_ORG_SECRET }}"
|
|
}
|
|
]
|
|
}
|
|
```
|
|
|
|
### Adding a host rule through the UI
|
|
|
|
You can centrally add/configure Host Rules through the Mend UI as an alternative to including them in Renovate presets.
|
|
|
|
1. Open the _Credentials_ section of the settings page for the relevant Org or Repo.
|
|
2. Select `ADD HOST RULE` to open the "Add a Host Rule" dialog box.
|
|
|
|
![Add Host Rule](../assets/images/app-settings/add-host-rule.png)
|
|
|
|
3. Fill out the details for your host rule.
|
|
|
|
As an example, if you are a Bitbucket or Azure DevOps user, and you want to specify a github.com token to fetch release notes and enable github-based datasources, you could create a host rule like this:
|
|
|
|
![Host Rules dialog box](../assets/images/app-settings/host-rules.png)
|
|
|
|
## Organization secrets vs repository secrets
|
|
|
|
### Secret scope
|
|
|
|
Secrets can be scoped to your organization _or_ to your repository:
|
|
|
|
| Secret scoped to your | What will happen? |
|
|
| --------------------- | -------------------------------------------------------------- |
|
|
| Organization | Secrets are inherited by all repositories in your organization |
|
|
| Repository | Secrets are referenced by that repository only |
|
|
|
|
### Make changes on the right page
|
|
|
|
The web UI has _two_ settings pages.
|
|
One page is for the organization, and the other page is for the repository.
|
|
|
|
Make sure you're making the changes on the right page!
|
|
|
|
### Example
|
|
|
|
![Credentials from the repository settings page](../assets/images/app-settings/org-and-repo-secrets.png)
|
|
|
|
The screenshot shows inherited organization secrets and specific repository secrets.
|
|
|
|
### Managing organization-level secrets
|
|
|
|
The **Installed Repositories** table means you are on your organization's page.
|
|
Select the _Settings_ button to manage your organization secrets:
|
|
|
|
![organization settings button](../assets/images/app-settings/org-settings-button.png)
|
|
|
|
### Managing repository-level secrets
|
|
|
|
The **Recent jobs** table means you are on your repository's page.
|
|
Select the _Settings_ button to manage your repository secrets:
|
|
|
|
![repository settings button](../assets/images/app-settings/repo-settings-button.png)
|