Secure env variables

#1

I’ve got a few environment variables that I’m setting on the pipeline:

env:
  AWS_ACCESS_KEY_ID: "xyzxyzxyzxyzxyzxyzxyzxyz"
  AWS_SECRET_ACCESS_KEY: "xyzxyzxyzxyzxyzxyzxyzxyzxyzxyz"


steps:
  - command: 
      - "echo Hello World"

Does buildkite have any way to secure those environment variables, or integration to something like AWS Secrets Manager?

#2

I would write a repository-level environment or pre-command hook, fetch the secrets from AWS Secrets Manager or SSM Parameter Store, and export them as env vars.