To hide sensitive information in your change script, you can configure secret variables at the database level.

Naming your secrets

The following rules apply to secret names:

  • Names can contain only uppercase letters ([A-Z]), digits ([0-9]), and underscores (_). Spaces are not allowed.

  • Names must not start with the BYTEBASE_ prefix.

  • Names must not start with a number.

  • Names must be unique in a database.

Creating secrets for a database

To create database secrets, you must have the Workspace Admin or Workspace DBA role.

Step 1 - Navigate to Database

Navigate to the database detail page. Click the Settings tab to find the Secret block.

Step 2 - Create a Secret

Click New Secret and fill in the related fields, then click Save.

Using Secrets in Change Workflow

Use ${{ secrets.SECRET_NAME }} in the change script, and Bytebase will replace it with the actual secret value while executing the change.

If a secret has not been set, Bytebase does not replace ${{ secrets.SECRET_NAME }} with a value, and the expression is retained as is when the change is executed.
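
Because an unset secret leaves the placeholder in the executed script, it is worth checking a change script before submitting it. The following is an added example, not part of Bytebase: the function names, the sample script and the sample secret list are constructed for illustration, and tolerating variable whitespace inside the braces is an assumption.

```python
import re

# Placeholder form shown on this page. Accepting variable whitespace inside
# the braces is an assumption of this example.
REF_RE = re.compile(r"\$\{\{\s*secrets\.([^\s}]+)\s*\}\}")


def name_problems(name):
    """Return the naming rules from this page that `name` violates."""
    problems = []
    if not re.fullmatch(r"[A-Z0-9_]+", name):
        problems.append("only [A-Z], [0-9] and _ are allowed")
    if name[:1].isdigit():
        problems.append("must not start with a number")
    if name.startswith("BYTEBASE_"):
        problems.append("must not start with BYTEBASE_")
    return problems


def check_script(script, defined_secrets):
    """Map each problematic secret reference in `script` to its problems."""
    findings = {}
    for name in REF_RE.findall(script):
        problems = name_problems(name)
        if name not in defined_secrets:
            # Per this page, an unset secret is not replaced at execution.
            problems.append("not set on this database; placeholder would be kept as is")
        if problems:
            findings[name] = problems
    return findings


# Constructed sample change script and secret list, for illustration only.
SAMPLE_SCRIPT = """
CREATE USER report_ro WITH PASSWORD '${{ secrets.REPORT_RO_PASSWORD }}';
CREATE USER etl WITH PASSWORD '${{ secrets.ETL_PASSWORD }}';
CREATE USER app WITH PASSWORD '${{ secrets.app_password }}';
"""
SAMPLE_DEFINED = {"REPORT_RO_PASSWORD"}

if __name__ == "__main__":
    for name, problems in check_script(SAMPLE_SCRIPT, SAMPLE_DEFINED).items():
        print(f"{name}: {'; '.join(problems)}")
```

The set of defined secret names has to be supplied by whoever runs the check, for example copied from the Secret block on the database's Settings tab.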