Variables & Secrets
Variables & Secrets
Section titled “Variables & Secrets”FlightStack supports environment variables and secrets for configuring builds without hardcoding sensitive values.
Environment Variables
Section titled “Environment Variables”Plain-text key-value pairs for configuration:
- Build modes
- API endpoints
- Feature flags
Secrets
Section titled “Secrets”Encrypted values for sensitive data:
- API keys
- Signing credentials
- Passwords
Scopes
Section titled “Scopes”Variables and secrets can be defined at multiple levels:
| Scope | Inheritance | Use Case |
|---|---|---|
| Organization | All repos in org | Shared API keys |
| Repository | All pipelines in repo | Repo-specific config |
| Pipeline | Single pipeline | Pipeline-specific values |
More specific scopes override broader ones.
Using Variables
Section titled “Using Variables”Reference variables in job configurations with double braces:
{{VARIABLE_NAME}}In Shell Scripts
Section titled “In Shell Scripts”echo "Building for $BUILD_MODE"flutter build apk --$BUILD_MODEVariables are exported as environment variables.
In Notification Messages
Section titled “In Notification Messages”Build {{status}} for {{repositoryName}} on {{branch}}In Webhook URLs
Section titled “In Webhook URLs”https://api.example.com/webhook?token={{API_TOKEN}}Built-in Variables
Section titled “Built-in Variables”FlightStack provides built-in variables for every run:
| Variable | Description |
|---|---|
{{repositoryName}} | Repository name |
{{branch}} | Branch being built |
{{commit}} | Full commit SHA |
{{commitShort}} | Short commit SHA (7 chars) |
{{commitMessage}} | Commit message |
{{author}} | Commit author |
{{trigger}} | Trigger type |
{{status}} | Job/run status |
{{runNumber}} | Pipeline run number |
{{timestamp}} | ISO timestamp |
Managing Variables
Section titled “Managing Variables”In the App
Section titled “In the App”- Navigate to Settings (org, repo, or pipeline level)
- Go to Variables or Secrets tab
- Click Add Variable or Add Secret
- Enter key and value
- Save
Common Variables
Section titled “Common Variables”| Variable | Example | Use |
|---|---|---|
BUILD_MODE | release | Flutter build mode |
SLACK_WEBHOOK | https://hooks... | Notification URL |
GOOGLE_PLAY_KEY | JSON service account | Android deployment |
APP_STORE_KEY_ID | ABC123XYZ | iOS deployment |
Secrets for Code Signing
Section titled “Secrets for Code Signing”| Secret | Description |
|---|---|
APP_STORE_CONNECT_API_KEY | API key contents (p8 file) |
APP_STORE_CONNECT_KEY_ID | Key ID |
APP_STORE_CONNECT_ISSUER_ID | Issuer ID |
DISTRIBUTION_CERTIFICATE | Base64-encoded .p12 |
CERTIFICATE_PASSWORD | P12 password |
Android
Section titled “Android”| Secret | Description |
|---|---|
KEYSTORE_FILE | Base64-encoded keystore |
KEYSTORE_PASSWORD | Keystore password |
KEY_ALIAS | Key alias |
KEY_PASSWORD | Key password |
GOOGLE_PLAY_SERVICE_ACCOUNT | JSON service account |
Best Practices
Section titled “Best Practices”- Never hardcode secrets - Always use the secrets system
- Use descriptive names -
PROD_API_KEYnotKEY1 - Scope appropriately - Don’t put repo-specific values at org level
- Rotate regularly - Update secrets periodically
- Audit access - Review who has access to secrets