buildkite-agent redactor

The Buildkite Agent automatically redacts some sensitive information from logs, such as secrets fetched with the secret get command, and any environment variables that match the value given in the --redacted-vars flag.

However, sometimes a job will source something sensitive through a side channel - perhaps a third-party secrets storage system like Hashicorp Vault or AWS Secrets Manager. In these cases, you can use the redactor add command to add the sensitive information to the redactor, ensuring it is redacted from subsequent logs.

Adding a value to the redactor

This may be used to parse a file for values to redact from a running job's log output. If you dynamically fetch secrets during a job, it is recommended that you use this command to ensure they will be redacted from subsequent logs. Secrets fetched with the builtin secret get command do not require the use of this command, they will be redacted automatically.


--format value #

The format for the input, one of: [json none]. `none` will add the entire input as a to the redactor, save for leading and trailing whitespace, `json` will parse it a string valued JSON Object, where each value of each key will be added to the redactor. (default: "none")

--agent-access-token value #

The access token used to identify the agent

--endpoint value #

The Agent API endpoint (default: "")
Environment variable: $BUILDKITE_AGENT_ENDPOINT

--no-http2 #

Disable HTTP2 when communicating with the Agent API.
Environment variable: $BUILDKITE_NO_HTTP2

--debug-http #

Enable HTTP debug mode, which dumps all request and response bodies to the log
Environment variable: $BUILDKITE_AGENT_DEBUG_HTTP

--no-color #

Don't show colors in logging
Environment variable: $BUILDKITE_AGENT_NO_COLOR

--debug #

Enable debug mode. Synonym for `--log-level debug`. Takes precedence over `--log-level`
Environment variable: $BUILDKITE_AGENT_DEBUG

--log-level value #

Set the log level for the agent, making logging more or less verbose. Defaults to notice. Allowed values are: debug, info, error, warn, fatal (default: "notice")
Environment variable: $BUILDKITE_AGENT_LOG_LEVEL

--experiment value #

Enable experimental features within the buildkite-agent

--profile value #

Enable a profiling mode, either cpu, memory, mutex or block
Environment variable: $BUILDKITE_AGENT_PROFILE