Secure Credential Transmission


Codecov has a public GPG key available on our security page and on Keybase

Follow the below instructions for sending your Git Provider credentials to Codecov.

Create file with credentials

This can be a single file or a zip file. In this example, I have created single file called codecov-credentials.txt the values are the example values from GitHub App Integration credentials instructions

Import GPG key

Using keybase or the public key from our security site run

curl | gpg --no-default-keyring --import

Encrypt the credentials

gpg --output codecov-credentials.gpg --encrypt --recipient [email protected] codecov-credentials.txt
example output

example output

Send the encrypted file to Codecov

Use a private transmission method of your choice to send the file to Codecov.

  • Email [email protected]
  • Onetime link via password utility such as 1Password
  • Other methods discussed with your Codecov representative