Amazon CodeCatalyst is no longer open to new customers. Existing customers can continue to use the service as normal. For more information, see [How to migrate from CodeCatalyst](migration.md).
# Masking data using secrets
There may be times when you need to use sensitive data, such as authentication credentials, in your workflows. Storing these values in plaintext anywhere in your repository should be avoided because anyone with access to the repository which contains the secret can see them. Similarly, these values shouldn't be used directly in any workflow definitions because they will be visible as files in your repository. With CodeCatalyst, you can protect these values by adding a secret to your project, and then referencing the secret in your workflow definition file. Note that you can have a maximum of five secrets per action.
**Note**
Secrets can only be used to replace passwords and sensitive information in the workflow definition file.
**Topics**
+ [
# Creating a secret
](workflows-secrets.creating.md)
+ [
# Editing a secret
](workflows-secrets.editing.md)
+ [
# Using a secret
](workflows-secrets.using.md)
+ [
# Deleting a secret
](workflows-secrets.deleting.md)
# Creating a secret
Use the following procedure to create a secret. The secret contains the sensitive information that you want to hide from view.
**Note**
Secrets are visible to actions and are not masked when written to a file.
**To create a secret**
1. Open the CodeCatalyst console at [https://codecatalyst.aws/](https://codecatalyst.aws/).
1. In the navigation pane, choose **CI/CD**, and then choose **Secrets**.
1. Choose **Create secret**.
1. Enter the following information:
**Name**
Enter a name for your secret.
**Value**
Enter the value for the secret. This is the sensitive information that you want to hide from view. By default, the value is not displayed. To display the value, choose **Show value**.
**Description**
(Optional) Enter a description for your secret.
1. Choose **Create**.
# Editing a secret
Use the following procedure to edit a secret.
**To edit a secret**
1. Open the CodeCatalyst console at [https://codecatalyst.aws/](https://codecatalyst.aws/).
1. In the navigation pane, choose **CI/CD**, and then choose **Secrets**.
1. In the secrets list, choose the secret that you want to edit.
1. Choose **Edit**.
1. Edit the following properties:
**Value**
Enter the value for the secret. This is the value that you want to hide from view. By default, the value is not displayed.
**Description**
(Optional) Enter a description for your secret.
1. Choose **Save**.
# Using a secret
To use a secret in a workflow action, you must obtain the reference identifier of the secret and use that identifier in the workflow action.
**Topics**
+ [
## Obtaining the identifier of a secret
](#workflows-using-secrets.get-identifier)
+ [
## Referencing a secret in a workflow
](#workflows-using-secrets.using-identifier)
## Obtaining the identifier of a secret
Use the following procedure to obtain the reference identifier of the secret. You'll add this identifier to your workflow.
**To obtain the reference identifier of the secret**
1. Open the CodeCatalyst console at [https://codecatalyst.aws/](https://codecatalyst.aws/).
1. In the navigation pane, choose **CI/CD**, and then choose **Secrets**.
1. In the list of secrets, find the secret that you want to use.
1. In the **Reference ID** column, copy the identifier of the secret. The following is the syntax for the **Reference ID**:
```
${Secrets.}
```
## Referencing a secret in a workflow
Use the following procedure to reference a secret in a workflow.
**To reference a secret**
1. In the navigation pane, choose **CI/CD**, and then choose **Workflows**.
1. Choose the name of your workflow. You can filter by the source repository or branch name where the workflow is defined, or filter by workflow name or status.
1. Choose **Edit**.
1. Choose **YAML**.
1. Modify the YAML to use the identifier of the secret. For example, to use a user name and password that are stored as secrets with the `curl` command, you would use a `Run` command similar to the following:
```
- Run: curl -u : https://example.com
```
1. (Optional) Choose **Validate** to validate the workflow's YAML code before committing.
1. Choose **Commit**, enter a commit message, and choose **Commit** again.
# Deleting a secret
Use the following procedure to delete a secret and the secret reference identifier.
**Note**
Before deleting a secret, we recommend that you remove the secret's reference identifier from all workflow actions. If you delete the secret without deleting the reference identifier, the action will fail the next time it runs.
**To delete a secret's reference identifier from a workflow**
1. Open the CodeCatalyst console at [https://codecatalyst.aws/](https://codecatalyst.aws/).
1. In the navigation pane, choose **CI/CD**, and then choose **Workflows**.
1. Choose the name of your workflow. You can filter by the source repository or branch name where the workflow is defined, or filter by workflow name or status.
1. Choose **Edit**.
1. Choose **YAML**.
1. Search the workflow for the following string:
```
${Secrets.
```
This finds all reference identifiers of all secrets.
1. Delete the reference identifier of the chosen secret, or replace it with a plaintext value.
1. (Optional) Choose **Validate** to validate the workflow's YAML code before committing.
1. Choose **Commit**, enter a commit message, and choose **Commit** again.
**To delete a secret**
1. Open the CodeCatalyst console at [https://codecatalyst.aws/](https://codecatalyst.aws/).
1. In the navigation pane, choose **CI/CD**, and then choose **Secrets**.
1. In the secrets list, choose the secret you want to delete.
1. Choose **Delete**.
1. Enter **delete** to confirm the deletion.
1. Choose **Delete**.