Skip to content

Maintenance: Encrypt GitHub Actions secrets with environments feature #1354

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
2 tasks done
heitorlessa opened this issue Jul 22, 2022 · 4 comments
Closed
2 tasks done

Maintenance: Encrypt GitHub Actions secrets with environments feature #1354

heitorlessa opened this issue Jul 22, 2022 · 4 comments
Labels
internal Maintenance changes

Comments

@heitorlessa
Copy link
Contributor

Summary

By default, Secrets are only exposed to GitHub Actions workflow that run in the base repo. We could do better and only expose certain secrets - release role ARNs, etc. - to specific workflows only.

More info: https://docs.github.com/en/actions/deployment/targeting-different-environments/using-environments-for-deployment#environment-secrets

Why is this needed?

Increases security posture and minimize blast radius by limiting secrets to specific workflows on a need-to-have basis.

Which area does this relate to?

Automation, Governance

Solution

No response

Acknowledgment
@heitorlessa heitorlessa added triage Pending triage from maintainers internal Maintenance changes labels Jul 22, 2022
@heitorlessa
Copy link
Contributor Author

related: #1353

@heitorlessa heitorlessa removed the triage Pending triage from maintainers label Jul 22, 2022
@heitorlessa
Copy link
Contributor Author

Forgot to share that this requires Secrets to be recreated as Environment Secrets.

@heitorlessa heitorlessa mentioned this issue Jul 22, 2022
Merged
7 tasks
@github-actions github-actions bot added the pending-release Fix or implementation already in dev waiting to be released label Jul 22, 2022
@heitorlessa heitorlessa removed the pending-release Fix or implementation already in dev waiting to be released label Jul 22, 2022
@github-actions
Copy link
Contributor

⚠️COMMENT VISIBILITY WARNING⚠️

This issue is now closed. Please be mindful that future comments are hard for our team to see.

If you need more assistance, please either tag a team member or open a new issue that references this one.

If you wish to keep having a conversation with other community members under this issue feel free to do so.

@am29d am29d mentioned this issue Jul 22, 2022
Merged
7 tasks
@github-actions github-actions bot added the pending-release Fix or implementation already in dev waiting to be released label Jul 22, 2022
@github-actions
Copy link
Contributor

This is now released under 1.26.6 version!

@github-actions github-actions bot removed the pending-release Fix or implementation already in dev waiting to be released label Jul 25, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
internal Maintenance changes
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@heitorlessa