buildkite-agent secret

The buildkite-agent secret command allows you to query and retrieve secrets from Buildkite secrets storage. This command is useful for fetching secrets that are required by your build scripts, without having to configure third-party secret management systems.

Getting a secret


buildkite-agent secret get [key] [options...]


Gets a secret from Buildkite secrets and prints it to stdout. The key specified in this command is the key's name defined for the secret in its cluster. The key's name is case insensitive in this command, and the key's value is automatically redacted in the build logs.


The following examples reference the same Buildkite secret key:

$ buildkite-agent secret get deploy_key
$ buildkite-agent secret get DEPLOY_KEY


--job value #

Which job should should the secret be for
Environment variable: $BUILDKITE_JOB_ID

--skip-redaction #

Skip redacting the retrieved secret from the logs. Then, the command will print the secret to the Job's logs if called directly.

--agent-access-token value #

The access token used to identify the agent

--endpoint value #

The Agent API endpoint (default: "")
Environment variable: $BUILDKITE_AGENT_ENDPOINT

--no-http2 #

Disable HTTP2 when communicating with the Agent API.
Environment variable: $BUILDKITE_NO_HTTP2

--debug-http #

Enable HTTP debug mode, which dumps all request and response bodies to the log
Environment variable: $BUILDKITE_AGENT_DEBUG_HTTP

--no-color #

Don't show colors in logging
Environment variable: $BUILDKITE_AGENT_NO_COLOR

--debug #

Enable debug mode. Synonym for `--log-level debug`. Takes precedence over `--log-level`
Environment variable: $BUILDKITE_AGENT_DEBUG

--log-level value #

Set the log level for the agent, making logging more or less verbose. Defaults to notice. Allowed values are: debug, info, error, warn, fatal (default: "notice")
Environment variable: $BUILDKITE_AGENT_LOG_LEVEL

--experiment value #

Enable experimental features within the buildkite-agent

--profile value #

Enable a profiling mode, either cpu, memory, mutex or block
Environment variable: $BUILDKITE_AGENT_PROFILE