Vars provide a mechanism to configure a value for runs externally, via vaults. This is useful if you want to be able to change a value used in a run without needing to commit a change to the run definition.

Difference between Secrets and Vars

Vars should be used for values which are not considered sensitive. Do not use them for credentials or API keys.

  • The value for vars is visible in the Mint UI
  • The value for vars will not be scrubbed from the logs like with secrets

If the value is sensitive, you should use secrets instead.

Settings Vars

You can set vars in the Mint UI, under Vaults.

Because vars are not sensitive, you can feel free to add all of them to the default vault.

However, if you have vaults set up for specific repositories, you may want to define them in the corresponding vault.

Although vars are generally used for non-sensitive values, if you do happen to define one in a locked vault, then the Mint run will need to have access to the vault to be able to use the var.

Using vars

You can use vars via expressions.

For a var in the default vault:

  - key: example-task
    run: echo ${{ vars.your-var }}

For a var in a vault named your-other-vault:

  - key: example-task
    run: echo ${{ vaults.your-other-vault.vars.your-var }}

You can also use vars in environment variables:

  - key: example-task
    run: echo "$YOUR_VAR"
      YOUR_VAR: ${{ vars.your-var }}

Or in if conditions:

  - key: example-task
    run: |
      echo this will only run if your-var is set to true
    if: ${{ vars.your-var == 'true' }}

Var Name Format

Var names are case sensitive. The may contain alphanumeric characters, underscores (_), and dashes (-).