Commit
Showing 2 changed files with 36 additions and 0 deletions.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
If you're aiming to use the GitHub CLI (`gh`) with the intent of not storing the secret value directly in your local repository or GitHub, and you'd like to utilize the `gh secret set` command with the `--no-store` option, here’s how you can proceed. This method involves setting a secret for your repository or organization without the need for manually encrypting the secret value on your side, as `gh` handles the encryption for you. | ||
|
||
## Encrypting Secret Values Using GitHub CLI | ||
|
||
### Setting Secrets Directly with GitHub CLI | ||
|
||
To set a secret in a GitHub repository or organization without storing the secret value in the GitHub server, you can use the `gh secret set` command. This command encrypts your secret and sends it securely to GitHub. | ||
|
||
1. **Setting a secret for a repository:** | ||
|
||
```shell | ||
gh secret set SECRET_NAME --body "secret_value" --repo owner/repo --no-store | ||
``` | ||
|
||
- Replace `SECRET_NAME` with the name you want to give your secret. | ||
- Replace `"secret_value"` with the actual value of your secret. | ||
- Replace `owner/repo` with the appropriate repository owner and repository name. | ||
|
||
2. **Setting a secret for an organization:** | ||
|
||
```shell | ||
gh secret set SECRET_NAME --body "secret_value" --org organization --no-store | ||
``` | ||
|
||
- Replace `SECRET_NAME` with the name you wish to assign to your secret. | ||
- Replace `"secret_value"` with the actual value of your secret. | ||
- Replace `organization` with the name of your GitHub organization. | ||
|
||
### Notes on `--no-store` Option | ||
|
||
- The `--no-store` option ensures that the secret's value is not stored or logged anywhere on the GitHub server, providing an additional layer of security. | ||
- It's essential to replace `"secret_value"` with the actual value you wish to encrypt and use as a secret. This value is encrypted client-side and securely transmitted to GitHub. | ||
|
||
## Conclusion | ||
|
||
Using the GitHub CLI with the `--no-store` option for setting secrets is a secure and straightforward method for managing sensitive values in your projects. By integrating these encrypted secrets into your Terraform configurations, you maintain a high level of security and best practices for infrastructure as code. |
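Review bot: The "Notes on `--no-store` Option" section and both example commands describe `--no-store` as keeping the value off the GitHub server while still setting the secret, but in `gh secret set` that flag prints the encrypted, base64-encoded value instead of storing it on GitHub, so neither command as written creates a secret. Drop `--no-store` from the two examples if the goal is to set the secret, or reword the section to say the flag only outputs the encrypted value for use elsewhere. Passing the value as `--body "secret_value"` also leaves it in shell history and the process list; the examples should show the stdin or interactive-prompt form instead. The conclusion refers to Terraform configurations, which nothing earlier in the file covers, so either add that section or remove the sentence.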