Steps To Configure Secrets in GitHub Actions
Step 1: Log in to the GitHub repository, click on the repository, and click on settings.
Step 2: Scrole down left side and click on secrets and variables and click on actions.
Step 3: Secret tokens and GitHub Actions
- In the left sidebar, select “Secrets.”
- Click on the “New repository secret” button.
- Provide a name for your secret, such as “SERVICE_ACCOUNT_KEY.”
- Paste the value of your secret into the “Value” field.
- Click on the “Add secret” button to save your new repository secret.
Step 4: GitHub Actions secret example
In this workflow, we are calling the secret SERVICE_ACCOUNT_KEY
from the GitHub repository secrets. This key is crucial for authenticating with Google Cloud Platform (GCP) services during the CI/CD process. By referencing the secret directly within the workflow file, we ensure that sensitive credentials remain secure and inaccessible to unauthorized users. This practice adheres to best security practices and safeguards against potential security vulnerabilities.
name: <Respective name of cicd>
on:
push:
branches: [ <Branch Name> ]
jobs:
build-push-gcr:
name: Build and Push to GCP
runs-on: ubuntu-latest #Runner
env:
IMAGE_NAME: <Image-name>
PROJECT_ID: <Project-id>
steps:
#Checkout stage
- name: Checkout
uses: actions/checkout@v2
#Call the secert into action file
- uses: google-github-actions/setup-gcloud@v2
with:
service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY }}
project_id: ${{ env.PROJECT_ID }}
export_default_credentials: true
- Secrets Setup: The
google-github-actions/setup-gcloud
action is used to set up Google Cloud SDK. It requires access to theSERVICE_ACCOUNT_KEY
secret, which contains the service account key JSON file necessary for authentication. - Accessing Secrets: The
service_account_key
parameter of thesetup-gcloud
action fetches the secret value stored in the GitHub repository secrets. - Secret Management: Secrets like
SERVICE_ACCOUNT_KEY
are stored securely in GitHub repository settings, ensuring that sensitive information is not exposed in the workflow file.
Step 5: Verify the console output of the github actions here the actions file calling the secrets from the secrets.
How to Add GitHub Actions Secrets ?
When it comes to safely managing sensitive data in your workflows—like access tokens, API keys, and other credentials—GitHub Actions secrets are essential. By using these tricks, you can securely access and save private information without exposing it to the source code of your repository. You may improve the security of your CI/CD pipelines and guarantee that confidential or sensitive data is kept safe during the development and deployment phases by making use of the secrets. We will go over how to add, manage, and use GitHub Actions secrets in this article to protect your projects and automate tasks to make your workflow more efficient. We can call and store the secrets in the pipeline by using the secrets. We can configure the secrets on GitHub by following the procedures listed below.