Shippable uses Vault to store your secrets safely. All secrets are accessed with time and access based tokens, and are encrypted in-flight and at-rest.
You can set scope for each secret and grant access at a Subscription or Job level. This ensures that each secret is only available to the jobs that truly need it.
You can refer to secrets with friendly names in your automation scripts. This makes it easy to change the underlying secret when you want to rotate them without needing to touch your scripts.
We scrub your logs so that no secrets are disclosed if you need to share them for debugging purposes. This prevents accidental disclosures that can cause a lot of heartache.
You can sign in to Shippable with your source control credentials and we will automatically pull all your repositories and organizations. With GitHub, you can even choose to only grant permissions to public repositories.
We sync your account permissions for each repository and enforce Role Based Access Control (RBAC) to Shippable functionality based on those permissions. If a team member leaves your organization, their access is automatically revoked.
Your build nodes are only used to run your jobs. All secrets and any artifacts created by the platform during job execution are cleaned up between subsequent runs.
Since each node only runs one job at a time, the job process is completely isolated. Job can be executed in a consistent and repeatable fashion since they do not compete for resources.