CircleCI Integration
Shield integrates seamlessly with CircleCI to protect your build logs from secret exposure.
Basic Setup
Add Shield to your .circleci/config.yml:
version: 2.1
jobs:
test:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run:
name: Install Shield
command: npm install -g @dotsetlabs/shield
- run:
name: Install dependencies
command: npm ci
- run:
name: Run tests with protection
command: dotset run --mode redact -- npm test
workflows:
main:
jobs:
- test
Using Context Variables
CircleCI contexts provide secure environment variables:
version: 2.1
jobs:
deploy:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run:
name: Install Shield
command: npm install -g @dotsetlabs/shield
- run:
name: Deploy with protection
command: dotset run --mode redact -- ./deploy.sh
workflows:
main:
jobs:
- deploy:
context:
- aws-credentials
- dotset-shield
Create a dotset-shield context with your DOTSET_API_TOKEN for analytics tracking.
Using Project Environment Variables
Set variables in Project Settings → Environment Variables:
jobs:
test:
docker:
- image: cimg/node:20.0
environment:
# These are automatically injected
DATABASE_URL: $DATABASE_URL
API_KEY: $API_KEY
steps:
- checkout
- run: npm install -g @dotsetlabs/shield
- run: dotset run --mode redact -- npm test
Using with .env Files
Create a .env file from environment variables:
jobs:
test:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run:
name: Create .env file
command: |
echo "DATABASE_URL=$DATABASE_URL" >> .env
echo "API_KEY=$API_KEY" >> .env
- run:
name: Install Shield
command: npm install -g @dotsetlabs/shield
- run:
name: Run tests
command: dotset run --mode redact -- npm test
Cloud Analytics
Link your project to track protection events:
jobs:
test:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run: npm install -g @dotsetlabs/shield
- run: dotset run --mode redact -- npm test
# DOTSET_API_TOKEN should be set in project settings or context
Store your Dotset API token in a CircleCI context for easy sharing across projects.
Caching Shield Installation
Speed up your builds by caching npm global packages:
version: 2.1
jobs:
test:
docker:
- image: cimg/node:20.0
steps:
- checkout
- restore_cache:
keys:
- npm-global-v1-{{ checksum "package-lock.json" }}
- npm-global-v1-
- run:
name: Install Shield
command: npm install -g @dotsetlabs/shield
- save_cache:
paths:
- ~/.npm
key: npm-global-v1-{{ checksum "package-lock.json" }}
- run: npm ci
- run: dotset run --mode redact -- npm test
Complete Example
version: 2.1
orbs:
node: circleci/[email protected]
jobs:
test:
docker:
- image: cimg/node:20.0
steps:
- checkout
- node/install-packages
- run:
name: Install Shield
command: npm install -g @dotsetlabs/shield
- run:
name: Run tests with protection
command: dotset run --mode redact -- npm test
deploy:
docker:
- image: cimg/node:20.0
steps:
- checkout
- run:
name: Install Shield
command: npm install -g @dotsetlabs/shield
- run:
name: Deploy with protection
command: dotset run --mode redact -- ./scripts/deploy.sh
workflows:
build-and-deploy:
jobs:
- test:
context:
- dotset-shield
- deploy:
requires:
- test
context:
- aws-credentials
- dotset-shield
filters:
branches:
only: main
