Trusted Mode in Drone CI fundamentally changes how your build pipelines execute, granting them elevated privileges that are normally restricted for security reasons.
Let’s see this in action. Imagine you have a simple .drone.yml that needs to build a Docker image and push it to a registry.
kind: pipeline
type: docker
name: default
steps:
- name: build-and-push
image: plugins/docker
settings:
repo: your-dockerhub-username/your-repo
tags: latest
By default, this pipeline runs in a sandboxed environment. If you try to do something that requires elevated permissions, like modifying system-level configurations or interacting with hardware directly, it will fail.
However, if you enable Trusted Mode for the repository, the pipeline gains the ability to perform these actions. The key difference is the execution context. In a non-trusted pipeline, Drone runs your build steps within a container that is isolated and has limited access to the host system or its resources. This isolation is crucial for preventing malicious or buggy builds from compromising your build agent or other projects.
When you enable Trusted Mode, you’re essentially telling Drone, "I trust the code in this repository to run with more power." This allows the build container to have more direct access to the host’s resources, or to run with elevated privileges that are usually suppressed. This might include capabilities like mounting host directories, accessing network interfaces directly, or even running commands with sudo if the build agent is configured to allow it within trusted pipelines.
The primary reason you’d enable Trusted Mode is for advanced use cases that standard, sandboxed pipelines can’t handle. This often involves:
- Docker-in-Docker (DinD): Building Docker images from within a Docker container often requires privileged access to the host’s Docker daemon or the ability to run Docker commands with elevated permissions.
- System-level Operations: Pipelines that need to modify system configurations on the build agent, manage services, or interact with hardware devices.
- Complex Network Operations: Scenarios where the pipeline needs to bind to privileged ports or perform low-level network manipulations.
- Specific Plugin Requirements: Some older or specialized Drone plugins might have been designed with the assumption of a more privileged execution environment.
To enable Trusted Mode, you navigate to your repository settings within the Drone UI. Under the "Settings" tab for your repository, you’ll find a checkbox labeled "Trusted." Ticking this box is all it takes.
Once enabled, your .drone.yml will be interpreted and executed with these elevated privileges. For instance, a pipeline using Docker-in-Docker might look like this:
kind: pipeline
type: docker
name: default
steps:
- name: build-and-push
image: docker:dind
privileged: true # This is often implied by trusted mode but good to be explicit
settings:
docker_build:
repo: your-dockerhub-username/your-repo
tags: latest
The privileged: true setting, while often a red flag, becomes a necessary tool when Trusted Mode is active, allowing the docker:dind image to function correctly by giving it direct access to the underlying host’s Docker daemon or kernel capabilities.
The most surprising truth about Trusted Mode is that it doesn’t just grant access to the host system; it fundamentally alters the security boundaries between pipelines running on the same build agent. In a non-trusted environment, Drone enforces strong isolation. In trusted mode, the potential for one pipeline to interfere with another, or for a compromised trusted pipeline to affect other projects on the same agent, increases significantly. This is why it’s crucial to only enable this for repositories you absolutely trust.
The next logical step after enabling Trusted Mode is often exploring how to manage secrets more effectively within these powerful pipelines, or understanding the implications of using specific privileged container images.