🔒 Secure-first SQL Editor with data access control and masking 🎭

Secret Variable

info

This feature is only available in the Pro Plan and Enterprise Plan.

To hide sensitive information in your change script, you can configure secret variables at the database level.

Naming your secrets

The following rules apply to secret names:

  • Names can only contain uppercase alphanumeric ([A-Z], [0-9]) or underscores (_). Spaces are not allowed.

  • Names must not start with the BYTEBASE_ prefix.

  • Names must not start with a number.

  • Names must be unique in a database.

Creating secrets for a database

info

To create database secrets, you must be the Workspace Owner or Workspace DBA.

Step 1 - Navigate to Database

Navigate to the database detail page. Click Settings tab and you will see the Secret block.

database-setting-tab-secret-block

Step 2 - Create a Secret

Click New Secret and fill in the related fields, then click Save.

create-database-secret

Using Secrets in Change Workflow

Use ${{ secrets.SECRET_NAME }} in the change script, and Bytebase will replace it with the actual secret value while executing the change.

info

If a secret has not been set, Bytebase will not replace the ${{ secrets.SECRET_NAME }} with a secret value. This means that expressions are retained as is upon execution.

using-secret-in-dml-issue

Edit this page on GitHub

Schema Migration Best Practice

Challenges, mistakes, and best practices for database schema migration

Learn How

Subscribe to Newsletter

By subscribing, you agree with Bytebase's Terms of Service and Privacy Policy.