Secrets and Environment Variables in your GitHub Action
Вставка
- Опубліковано 2 лип 2023
- Need to deploy from a GitHub Action? Or something as simple as sending a Slack message when the pipeline has ended? Don't store your API Keys in clear, GitHub Actions let you safely handle secrets as well as public environment variables.
Let's see how!
_______________________________
Support my work: github.com/sponsors/Balastrong
Hit like and subscribe for more content! :D
Join the Discord community! Here's the invite: / discord
You can also follow me on the other platforms:
Twitter: / balastrong
dev.to: dev.to/balastrong
Home: leonardomontini.dev/
TikTok: / balastrong
GitHub: github.com/Balastrong
Instagram: / devbalastrong
_______________________________
Sound effects from www.zapsplat.com
#github #githubaction #devops - Наука та технологія
Thank you this seems a lot more convient then making a .env file and stopping it from loading to github. Appreciate the knowledge!
Yep, and having a .env in your repository means everything is in clear. If you have secrets/api keys, it's not a valid solution :D
Glad to hear you liked the video, if you have a look at my channel there are quite a lot on GitHub Actions. I'd love to hear your feedback 😉
tks for solving my problem
thanks for your clear explanation
Thank you so much!
Thank you so much for this video
You're welcome, hope it was helpful for you!
for a private repo is that not possible to setup the secretes? bcz there is no settings tab available for the private repo.
How should I use an API key? I tried to use the secrets in deployment, but it doesn't give me the API key, and in build it does, but it shows the API key in the code.
Do you find any solution? I’ve got the same problem
is it safe to put in github pages? and use it to our project
Good video ty.
Thank you! Feel free to have a look at the other videos in my channel :D
how do I get this info inside code, to use in api key in requests for instance
You can store the api keys in a .env file, make sure to put it under .gitignore as it should NEVER get pushed to the repo.
Then, depending on the type of application you're building, you'll be able to get the value. For example in node is process.env.VALUE_NAME but frameworks like next or astro have their own syntax. It's usually in the docs of each framework
how do we add pem file in the secrets
You remind me of KennyS
You know you're sending all your secrets to Grammarly, right? 😅
Grammarly elected the safest password manager in 2023! Jokes aside, I guess I'll disable it for Github, thanks :)