Adding Environment Secrets using CI/CD Pipelines
It’s good practice to remove API keys and secrets before making your repository public. But how do you push your keys to a web server without exposing them publicly?
There are various ways to do it (mentioning some I’ve used):
- Adding each config key-value pair directly to the web server environment using the Instance Configuration method provided by cloud operators.
- Using FTP to upload the config file manually.
- Using CI/CD pipelines to add config files before deploying.
I will be explaining the 3rd way (my favorite).
Let’s say we use a .env file that contains all our secret configs. First, we will add the .env file contents to the GitHub Repository Secrets. You can find more about GitHub secrets here. To create Secrets in a repository:
- Go to your repository: Settings → Secrets.
- Click on New Repository secret.
- Enter the secret name you want to give and copy-paste the .env file contents.
- Click on Add secret.
We will create a CI/CD pipeline with GitHub Actions that substitutes the configuration by creating a new .env file just before deployment. Here is the sample YML file.
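An added example of such a workflow (not the author's original file), assuming the repository secret is named ENV_FILE, the default branch is main, and the workflow lives at the hypothetical path .github/workflows/deploy.yml:

```yaml
# Added example: hypothetical workflow file .github/workflows/deploy.yml
name: deploy

on:
  push:
    branches: [main]   # assumption: deployments are triggered from main

permissions:
  contents: read       # the job only needs to read the repository

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Create .env from repository secret
        env:
          # ENV_FILE is an assumed secret name holding the full .env contents
          ENV_FILE: ${{ secrets.ENV_FILE }}
        run: |
          set -eu
          # Fail early if the secret is missing or misnamed
          if [ -z "${ENV_FILE:-}" ]; then
            echo "ENV_FILE secret is empty or not available" >&2
            exit 1
          fi
          umask 077                      # .env is created readable by owner only
          printf '%s\n' "$ENV_FILE" > .env
          # Sanity check without printing any values: report the line count only
          echo ".env written: $(wc -l < .env) lines"

      - name: Ensure .env is not tracked by git
        run: |
          # A tracked .env means secrets may already be in the repository history
          if git ls-files --error-unmatch .env >/dev/null 2>&1; then
            echo ".env is tracked; remove it and add it to .gitignore" >&2
            exit 1
          fi

      # The deployment step for your cloud provider goes here; it should ship
      # the working directory (including the generated .env) to the server.
```

Passing the secret through `env` rather than writing `${{ secrets.ENV_FILE }}` inside the script keeps its contents out of the generated shell script and avoids quoting problems with multi-line values.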
You can further add steps to deploy to your preferred cloud. If you are using Azure App Service, check out https://github.com/marketplace/actions/app-service-web-app-build-action and customize it as per your needs.
You should check out:
- GitHub Actions: https://docs.github.com/en/actions/learn-github-actions/introduction-to-github-actions
- Python Dotenv: https://pypi.org/project/python-dotenv