Encrypt env variables being passed to github workflow #601
Comments
|
For the authorization token explore if passing it as such https://docs.github.com/en/actions/security-guides/automatic-token-authentication#using-the-github_token-in-a-workflow treats the token as an encrypted string |
|
By using secret.GITHUB_TOKEN in the action workflow, I was able to use the token passed for triggering the workflow in the job. This means the user does not need to manually set the personal access token as a repository secret to trigger the workflow, but still have an option to do so. The other public S3 bucket variables which are passed as the client payload, isnt encrypted when passed to the workflow. It seems unlikely that variables passed in that manner would be encrypted, so the recommended course currently is to only pass public bucket credentials in that manner through the client payload, and when using a private bucket, set them up as repository secrets. |
|
Found no obvious solution to encrypt environment variables passed via the client payload. Hence, added documentation to encourage passing only public S3 credentials via the curl, and to set private bucket as action secrets. Personal Access token is being passed encrypted. Closing this. |
Pass encrypted environment variables to github action token from running shell script.
The text was updated successfully, but these errors were encountered: