Vars
Vars provide a mechanism to configure a value for runs externally, via vaults. This is useful if you want to be able to change a value used in a run without needing to commit a change to the run definition.
Difference between Secrets and Vars
Vars should be used for values which are not considered sensitive. Do not use them for credentials or API keys.
- The value for vars is visible in the Mint UI
- The value for vars will not be scrubbed from the logs like with secrets
If the value is sensitive, you should use secrets instead.
Settings Vars
You can set vars in the Mint UI, under Vaults.
Because vars are not sensitive, you can feel free to add all of them to the default vault.
However, if you have vaults set up for specific repositories, you may want to define them in the corresponding vault.
Although vars are generally used for non-sensitive values, if you do happen to define one in a locked vault, then the Mint run will need to have access to the vault to be able to use the var.
Using vars
You can use vars via expressions.
For a var in the default vault:
tasks:
- key: example-task
run: echo ${{ vars.your-var }}
For a var in a vault named your-other-vault:
tasks:
- key: example-task
run: echo ${{ vaults.your-other-vault.vars.your-var }}
You can also use vars in environment variables:
tasks:
- key: example-task
run: echo "$YOUR_VAR"
env:
YOUR_VAR: ${{ vars.your-var }}
Or in if conditions:
tasks:
- key: example-task
run: |
echo this will only run if your-var is set to true
if: ${{ vars.your-var == 'true' }}
Var Name Format
Var names are case sensitive. The may contain alphanumeric characters, underscores (_), and dashes (-).