Multiple Contexts in a Workflow

It would be useful to be able to specify multiple Context's in a workflow. As a general best security practice, any given workflow should only have access to the secrets that it absolutely needs. In order to accomplish this with Context's currently however, many projects would need their own Context, containing only the secrets relevant to that project. This defeats the point of Contexts, making them less reusable. Allowing a workflow to specify multiple Contexts maintains this principle of least privilege, without sacrificing the usability of Contexts. Exampe:

 

workflows:
main:
jobs:
- example-job:
context:
- AWS
- Heroku
- Cloudflare

 

There's more discussion in this forum thread.

  • Eric Dahlseng
  • Dec 12 2018
  • Taking votes
  • Attach files
  • Rodrigo Diez Villamuera commented
    11 May 08:39am

    +1, multiple context would help us to define secrets and variables once and use multiple times. Without multiple contexts, admin becomes a pain

  • Corey Rastetter commented
    7 May 07:55pm

    +1

  • Lukas Siemon commented
    27 Mar 05:55pm

    Very unfortunate that this still hasn't been added. We have a lot of contexts (~100) and updating them (even through a script) is a pain. Any feedback where this is on the priority list?

  • Guest commented
    13 Mar 07:30pm
    > This is a big missing feature. Already set the variables only for this not to be supported.


    This just caught me as a surprise, too, dandelion!
    I assumed it must work with multiple contexts, but right, 'context'', not 'contexts'...

    Having granular sets of variables for, say, aws, vault and share them amongst many projects - it would be great to have this!

  • Yan Ferreira commented
    11 Mar 04:30pm

    +1

  • Sam Bryant commented
    11 Mar 04:02pm

    Might not be what everyone here is after but we have written a tool to help manage secrets on contexts. https://github.com/armakuni/circleci-context-secret-manager

    The core idea is that one context extends another (much like you would want with multiple contexts). But the tool deals with setting the required duplicate values in CircleCI. So you always just use a single context by job but that could have been made up of multiple other contexts with overrides etc based on some config files. We only open sourced the tool today so getting feedback would be awesome.

  • Michele Degges commented
    11 Mar 04:26am

    +1

  • Joe Cuffney commented
    3 Mar 01:41am

    +1

  • Daiki Watanabe commented
    2 Mar 08:27am

    :+1:

  • Ahmed Tarek commented
    11 Feb 01:19am

    +1

    Currently being limited to one context disables quite a strong pro that we can use contexts for. Contexts have a great potential to share secure environment variables between all repos/jobs while maintaining a single source of truth and no replications.

  • Olumide Omotoso commented
    10 Feb 08:05am

    This is a big missing feature. Already set the variables only for this not to be supported.

  • Guest commented
    31 Jan 04:28pm

    Would be so helpful to have the ability to use multiple contexts. +1

  • Milos Mircov commented
    24 Jan 04:00pm

    +1

  • Kevin Ly commented
    20 Jan 03:15pm

    +1

  • Ke Zhang commented
    18 Dec, 2019 06:58pm

    Please add this!  Now, instead of organize contexts by function, we have to organize them by topic and have many duplicates

  • Timothy c commented
    29 Nov, 2019 02:27pm

    There have been forum questions regarding setting environmental variables on workflows which obviously overlaps with this.

    Not trying to add anything into the work being proposed, but being able to flag a context as not containing sensitive information REALLY useful as this would then address these issues.

     

  • Malte Isberner commented
    6 Nov, 2019 02:31am

    Agree this is a massive oversight. Either allow defining contexts that include other contexts (server-side), or add a `contexts:` key to the spec. Can't really be that hard.

  • Paul White commented
    30 Oct, 2019 11:19am

     +1

  • James Pike commented
    15 Oct, 2019 07:04am

    This is a massive oversight. I'm starting to consider if I made the right choice to go with CircleCI after having to slowly replicate 50 environment variables three times. It took me 5 hours of copy and pasting. Now my hands hurt. On gitlab CI this was a non-issue.

  • Jophin Joseph commented
    1 Oct, 2019 10:40am

    This is a major miss in contexts. Having to replicate a lot of environment variables across multiple contexts now. 

  • Load older comments
  • and 245 more