mirror of
https://github.com/jbranchaud/til
synced 2026-01-03 07:08:01 +00:00
29 lines
1.1 KiB
Markdown
29 lines
1.1 KiB
Markdown
# Reference An Encrypted Secret In An Action
|
|
|
|
CI environments like GitHub Actions want to help you keep your secrets secret.
|
|
They allow you to store an encrypted version of a secret that can be access in
|
|
an action.
|
|
|
|
First, you need to add an encrypted secret to your repository. Navigate to your
|
|
repository's _Settings_ page and then to the _Secrets_ tab. You can then add
|
|
the secret with the _New repository secret_ button.
|
|
|
|
Once the secret is added, you can reference it in your actions.
|
|
|
|
Let's say you added your repository secret with the name `MY_API_KEY`. And then
|
|
let's say that your project needs to be built with that API key available in
|
|
the environment as `SECRET_API_KEY`. You can reference it from `secrets` in the
|
|
`env` section.
|
|
|
|
```yaml
|
|
- name: Build the JS bundle
|
|
run: yarn build
|
|
env:
|
|
SECRET_API_KEY: ${{ secrets.MY_API_KEY }}
|
|
```
|
|
|
|
Though this API key is stored on GitHub's servers as an encrypted value, it
|
|
will be decrypted when this workflow step is run.
|
|
|
|
[source](https://docs.github.com/en/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow)
|