For the past two and a half years as a Solutions Engineer at CircleCI, I’ve had the distinct pleasure of working with some of CircleCI’s largest customers to help them instill healthy CI/CD practices into their development processes.
Leading-edge organizations are trying to make sure that their applications are scalable, reliable, and secure. Shipping products to users quickly and reliably is imperative to gaining a competitive edge.
What enables companies to ship their product quickly and reliably?
For CircleCI users, one answer to that question is orbs. Orbs are becoming the go-to accelerator for teams looking to simplify CI/CD across multiple projects with similar needs. Orbs also make it easier and faster for developers to get up to speed on projects.
In this blog post, we cover the what, why, and how of CircleCI orbs, and leave you with some guidance on how to implement orbs into your own CI/CD practice.
What are orbs?
Orbs are a list of instructions that allow you to automate a specific task across multiple projects, following proven logic. They help you minimize configuration complexity while acting as a package manager, integrating your software and services stack quickly and efficiently. Orbs are customizable and come equipped with the ability to leverage jobs, commands, and executors to match your unique needs for a project.
There are public and private orbs that users can adopt across projects with similar use cases. Public orbs integrate popular tools and are available to the broader community of developers using CircleCI. Additionally, we offer private orbs, which are limited to users within the same organization. Private orbs have been available to our Scale plan customers since early 2021 and are now available to all customers on our paid plans.
Public vs private orbs
Public orbs
- Any CircleCI user can use public orbs in their own configurations.
- CircleCI orbs are open source, so creating or using public orbs is a way to pay it forward to other developers. Published orbs can be found on our Developer Hub.
Private orbs
- Private orbs are only published internally. Companies may choose to author private orbs because they don’t want competitors to know that they are using a certain tool in their development process.
- Private orbs do not appear in the CircleCI Developer Hub. They cannot be viewed or used by someone outside of your organization, nor can they be used in a pipeline that does not belong to your organization.
One of the most exciting things about orbs is that you can create both public and private orbs yourself using the orb development kit.
It’s important to note that private orbs are not meant to be used as a secrets management tool. Any information that could be considered “secret”, such as API keys, auth tokens, and passwords, should never be entered directly as parameter values. CircleCI’s orb development best practices have more information on this. For the purpose of storing secrets, we strongly recommend using contexts and environment variables, which you can read about here.
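To make the point about parameter values concrete, here is an added example (not taken from CircleCI's documentation or from any published orb) of a config that passes only the name of an environment variable to an orb job and lets a context supply the value. The inline orb `deploytool`, its `deploy` job, the `api-token` parameter, the `deploy-secrets` context, and the `DEPLOY_API_TOKEN` variable are all hypothetical names.

```yaml
version: 2.1

# Inline orb standing in for a private orb. Every name in it is hypothetical.
orbs:
  deploytool:
    executors:
      default:
        docker:
          - image: cimg/base:stable
    jobs:
      deploy:
        executor: default
        parameters:
          # Weak design: `type: string` here would invite callers to paste
          # the token itself into their config, in plain text in the repo.
          api-token:
            type: env_var_name      # callers pass the variable's NAME only
            default: DEPLOY_API_TOKEN
        steps:
          - run:
              name: Check that the token is available
              environment:
                TOKEN_VAR: << parameters.api-token >>
              command: |
                # Bash indirect expansion reads the variable named by TOKEN_VAR.
                if [ -z "${!TOKEN_VAR}" ]; then
                  echo "Environment variable ${TOKEN_VAR} is not set" >&2
                  exit 1
                fi
                # Report the variable name only, never its value.
                echo "Token found in ${TOKEN_VAR}"

workflows:
  release:
    jobs:
      - deploytool/deploy:
          # The context injects DEPLOY_API_TOKEN into the job at run time.
          context: deploy-secrets
          api-token: DEPLOY_API_TOKEN
          # Not this: api-token: "<the token itself>"
```

The secret value lives only in the context, so it can be rotated or restricted there without touching the orb or any project's config file.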
Don’t reinvent the wheel
Using orbs in your pipelines can save a lot of time. In this example, creating and adopting the orb to test the node app means using just the test job (already pre-configured) in the project’s config file, versus actually creating the job and outlining the steps for testing the node application. Not only does this save developers’ time in configuring CI/CD pipelines but it also helps to keep config in line with Don’t Repeat Yourself (DRY) best practices, which means you don’t have to reinvent the wheel each and every time you write code.
Enterprise customers have hundreds of thousands of CI/CD pipelines and that means configuration files to match. Using orbs can help companies of this size ensure their pipelines and config files stay reliable and efficient at scale.
How orbs keep your app secure
Orbs are essential in building and maintaining a healthy CI/CD pipeline. They’re also very useful for teams looking to deploy and test their application across multiple security tools. CircleCI has partnered with several security organizations whose partner orbs can be leveraged to test against your app.
Simply call those orbs, test them against your application, and collect meaningful data insights into security vulnerabilities to ensure quality control. Filter partner orbs by ‘security’ to see all CircleCI security partner orbs.
Why should you use orbs?
The ultimate goal of orbs is that developers can more easily engage with a configuration file instead of feeling consumed by it. Simply being able to call an orb allows developers to shift their focus to building out jobs and workflows rather than spending time configuring code.
With an intuitive design and framework, orbs are easily maintained through configuration and versioning. This goes beyond optimization — orbs reduce build times and credit consumption, and dare I say it, improve developer sanity.
Whether they’re public or private, orbs are the best way to build speed, reliability, and security into your CI/CD process. To view public orbs or get started authoring your own, check out the CircleCI orb development kit.