From fe5b058c782abb63e8e84d1a7f8901743691d565 Mon Sep 17 00:00:00 2001
From: Tamas Kiss <kiss.tamas94@gmail.com>
Date: Thu, 26 May 2022 12:38:01 +0200
Subject: [PATCH] ci: can't declare pipeline level secret envs

---
 .drone.yml | 17 ++++++++++-------
 1 file changed, 10 insertions(+), 7 deletions(-)

diff --git a/.drone.yml b/.drone.yml
index 1c1c801..ceb0fbe 100644
--- a/.drone.yml
+++ b/.drone.yml
@@ -10,12 +10,6 @@ trigger:
   branch:
   - main
 
-environment:
-  AWS_ACCESS_KEY_ID:
-    from_secret: terraform-aws-key-id
-  AWS_SECRET_ACCESS_KEY:
-    from_secret: terraform-aws-secret-access-key
-
 steps:
 - name: terraform init
   image: hashicorp/terraform:1.1.8
@@ -29,11 +23,20 @@ steps:
     GIT_SSH_COMMAND: "ssh -o StrictHostKeyChecking=no"
     CI_SSH_KEY:
       from_secret: ci-ssh-key
+    AWS_ACCESS_KEY_ID:
+      from_secret: terraform-aws-key-id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: terraform-aws-secret-access-key
 
 - name: terraform plan
   image: hashicorp/terraform:1.1.8
   commands:
   - terraform plan -out .tfplan
+  environment:
+    AWS_ACCESS_KEY_ID:
+      from_secret: terraform-aws-key-id
+    AWS_SECRET_ACCESS_KEY:
+      from_secret: terraform-aws-secret-access-key
 
 - name: terraform apply
   when:
@@ -48,6 +51,6 @@ steps:
     # - terraform apply -plan .tfplan -auto-approve
 ---
 kind: signature
-hmac: 27148d661f9be0ea64b8ac57e17774f150c39a02565c787ba793bdde3b798110
+hmac: 749e0dee63c0fa75bf15a7c3cf4cf0880acc60dc0ac417d2283a12f45216a7aa
 
 ...