Credentials & API Keys
pipel8ne includes a credential vault — encrypted storage for secrets that your pipeline steps need at runtime (Docker registry tokens, SSH keys, API tokens, etc.).
How it works
Credentials are stored encrypted at rest using AES-256-GCM. The raw value is only visible to you when you first enter it — it is never returned by the API afterward.
When you export a pipeline to YAML, credentials are referenced by name as environment variables or secrets, not embedded in the file. You inject the actual values through your CI platform's secret management.
Managing credentials
Go to Settings → Credentials (click your avatar in the top right, then Settings).
Adding a credential
Click New Credential and fill in:
| Field | Description | Example |
|---|---|---|
| Label | Friendly name used to identify it | Docker Hub Token |
| Provider | The service this credential is for | github, docker, aws, etc. |
| Value | The secret value | Your token, password, or key |
Click Save. The value is encrypted and stored. You will not be able to see it again.
Using a credential in a step
When configuring a step that supports credentials (Docker, Deploy, Notification), open the step's config panel. In the Secrets section, select the credential by label from the dropdown.
In the exported YAML, the credential is referenced as an environment variable:
# GitHub Actions example
- name: Push Docker image
env:
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
run: |
echo "$DOCKER_TOKEN" | docker login -u myuser --password-stdinYou still need to add the secret to your CI platform (GitHub Secrets, GitLab CI Variables, Azure DevOps Variable Groups) with the same name.
Deleting a credential
Click the trash icon next to a credential. This permanently removes it from the vault.
WARNING
Deleting a credential does not update pipelines that reference it. If any step references a deleted credential, the exported YAML will still contain the reference, but the CI run will fail because the secret is undefined.
API Keys
API keys let you authenticate with the pipel8ne API programmatically (e.g. from a script or CI job).
Creating an API key
Go to Settings → API Keys, click New API Key, and give it a name.
The key is shown once — copy it immediately. It will not be displayed again.
p8n_aAbBcCdDeEfFgGhHiIjJkKlLmMnNoOpPqQ...Using an API key
Pass the key as a Bearer token in the Authorization header:
curl -H "Authorization: Bearer p8n_aAbBcC..." \
http://localhost:3000/api/projectsRevoking an API key
Click Revoke next to a key. The key immediately stops working. You can also permanently delete it.
TIP
Create one API key per integration (e.g. one for your CI bot, one for your deployment script). This way you can revoke individual keys without affecting others.