Using GitHub Secrets For A Docker Container

June 23, 2025

GitHub secrets are great for storing and accessing secrets for your projects. But how can you pass these secrets into your project without exposing them or writing them to disk? While you could write connection strings and secrets into an appsettings.json file, it may not be ideal to have your secret on disk where it can be seen and accessed easily. If you're already using Docker and GitHub Actions to deploy, this is really simple.

In your pipeline workflow, add a step that sets the secret as an environment variable for the job:

# Make the secret available as PASSWORD to the later steps of this job
- name: Add Secrets Into Environment
  run: |
    echo "PASSWORD=${{ secrets.PASSWORD }}" >> $GITHUB_ENV

Then, in either docker run or your Docker Compose file, reference that secret as a Docker environment variable, passing it through from the job's environment to the container.

environment:
    - USERPASS=${PASSWORD}

That's it. Your container should now have the secret. This should work for the duration of the job: the variable persists for all subsequent steps in the same job, and afterward it is no longer available. It's not written to disk, which can be better than writing it out to a file.
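The following is an added example, not code from the original post: a helper for the body of the `run:` step that reads the secret from the step's environment and appends it to the `$GITHUB_ENV` file in GitHub's multi-line `NAME<<delimiter` form, so a value containing quotes, `$`, backticks or newlines is stored literally instead of breaking the `echo` line. The function name `export_to_github_env` is hypothetical, and the step is assumed to map the secret with `env:` / `PASSWORD: ${{ secrets.PASSWORD }}` rather than pasting the expression into the script.

```shell
# Added example: helper for the body of the workflow's run: step.
# Assumption: the step's env: block maps the secret to PASSWORD, so the
# value reaches the shell as a variable and is never part of the script text.

# export_to_github_env NAME   (hypothetical helper name)
# Appends NAME to the file $GITHUB_ENV points at, using the NAME<<delimiter
# multi-line form. The body runs in a subshell, so the copy of the value held
# in $value is gone when the function returns.
export_to_github_env() (
  name="${1-}"

  # Accept plain variable names only; this also makes the eval below safe.
  case "$name" in
    ''|[0-9]*|*[!A-Za-z0-9_]*)
      echo "export_to_github_env: invalid variable name" >&2
      exit 2 ;;
  esac

  if [ -z "${GITHUB_ENV-}" ]; then
    echo "export_to_github_env: GITHUB_ENV is not set" >&2
    exit 1
  fi

  # Read the value from the environment by name (POSIX indirect lookup).
  eval "value=\${$name-}"
  if [ -z "$value" ]; then
    echo "export_to_github_env: $name is empty or unset" >&2
    exit 1
  fi

  # Random delimiter, so the value cannot end the block early.
  delim="ghadelim_$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')"
  case "$value" in
    *"$delim"*) echo "export_to_github_env: delimiter collision" >&2; exit 1 ;;
  esac

  {
    printf '%s<<%s\n' "$name" "$delim"
    printf '%s\n' "$value"
    printf '%s\n' "$delim"
  } >> "$GITHUB_ENV"
)

# In the step: export_to_github_env PASSWORD
```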


Written by Gavin Sauder, a full stack software developer and homelab, networking, virtualization, and IoT enthusiast.