I have a basic git repo set up with github actions to build and deploy (HTML and TS files mainly).
However I have to use in some API Keys that needs to be secret.
So I figure out to use GITHUB SECRETS for them.
How can I access GITHUB SECRETS in my js (or TS) files so it can build with github actions properly?
Creating the Secrets on GitHub Maybe the "hardest" of the steps; you just need to navigate to the repo where you want to add the data, go to Settings, and look for the option Secrets Tip: Though you can add whatever Name and Value you want to, it is better to add a relevant Name, since this is the Key, something meaningful is crucial.
To use secrets that are larger than 64 KB, you can use a workaround to store encrypted secrets in your repository and save the decryption passphrase as a secret on GitHub. For example, you can use gpg to encrypt a file containing your secret locally before checking the encrypted file in to your repository on GitHub.
All 100 environment secrets. Secrets are limited to 64 KB in size. To store larger secrets, see the "Storing large secrets" workaround below. To use secrets that are larger than 64 KB, you can use a workaround to store encrypted secrets in your repository and save the decryption passphrase as a secret on GitHub.
The secrets that you create are available to use in GitHub Actions workflows. GitHub uses a libsodium sealed box to help ensure that secrets are encrypted before they reach GitHub and remain encrypted until you use them in a workflow.
You can pass-in Secrets as ENV variables.
Example:
...
steps:
- name: Git checkout
uses: actions/checkout@v2
- name: Use Node 12.x
uses: actions/setup-node@v1
with:
node-version: 12.x
- name: Install Dependencies (prod)
run: yarn install --frozen-lockfile --production
- name: Run Tests (JEST)
run: yarn test --ci --silent --testPathIgnorePatterns=experimental
env:
CI: true
API_KEY: ${{ secrets.API_KEY }}
In Node.js you can access it via process.env.API_KEY
.
I Find a way to achieve it although it might not be the best (And I'm definitly not bash expert)
So create a setEnv.sh file
mkdir env
echo "export const environment = { firebase_api_key : '$1' }" > env/env.ts
That take as your API key as first parameter, create a env folder and save TS code with your api key.
Then add this line
- run: sh setEnvironment.sh ${{ secrets.FIREBASE_API_KEY }}
Into your github action script, which will execute your script and set the Secret Key.
You'll now just have to use environment.firebase_api_key
in your code.
Note: Your build needs to encrypt your key otherwise it will be exposed. But this can be usefull for example if you use API keys on your website and you also want your website code to be available in public on Github, without those plain keys.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With