buildkite-agent secret

The secrets command, as well as its associated server-side features, are currently in feature preview.

If you're interested in trialing Buildkite Secrets, contact support.

The buildkite-agent secret command allows you to query and retrieve secrets from Buildkite's secret storage. This command is useful for fetching secrets that are required by your build scripts, without having to configure third-party secret management systems.

Getting a secret

Get a secret by key from Buildkite Pipelines Secrets and print it to stdout.


--job value #

Which job should should the secret be for
Environment variable: $BUILDKITE_JOB_ID

--skip-redaction #

Skip redacting the retrieved secret from the logs. Then, the command will print the secret to the Job's logs if called directly.

--agent-access-token value #

The access token used to identify the agent

--endpoint value #

The Agent API endpoint (default: "")
Environment variable: $BUILDKITE_AGENT_ENDPOINT

--no-http2 #

Disable HTTP2 when communicating with the Agent API.
Environment variable: $BUILDKITE_NO_HTTP2

--debug-http #

Enable HTTP debug mode, which dumps all request and response bodies to the log
Environment variable: $BUILDKITE_AGENT_DEBUG_HTTP

--no-color #

Don't show colors in logging
Environment variable: $BUILDKITE_AGENT_NO_COLOR

--debug #

Enable debug mode. Synonym for `--log-level debug`. Takes precedence over `--log-level`
Environment variable: $BUILDKITE_AGENT_DEBUG

--log-level value #

Set the log level for the agent, making logging more or less verbose. Defaults to notice. Allowed values are: debug, info, error, warn, fatal (default: "notice")
Environment variable: $BUILDKITE_AGENT_LOG_LEVEL

--experiment value #

Enable experimental features within the buildkite-agent

--profile value #

Enable a profiling mode, either cpu, memory, mutex or block
Environment variable: $BUILDKITE_AGENT_PROFILE