Anyone know how to read GitHub secrets from the pu...
# general
s
Anyone know how to read GitHub secrets from the pulumi stack config or the pulumi code (C#) itself? I know we can read in the GitHub Action yml using: ${{ secrets.SECRET_VALUE }} But can I access secrets from the config or code? Thanks everyone 🤔
s
I would try storing the secret value in Pulumi and then writing it to GH using the ActionsSecret resource. GH does not allow you to retrieve a secret's value outside of referencing it in an Action, so I think what you're trying to do is not possible due to how GHA secrets work. https://www.pulumi.com/registry/packages/github/api-docs/actionssecret/
s
Thanks for the reply Josh But to store the value in Pulumi I would have to add my sensitive value to the source control right? 🤔
l
Yes, but only an encrypted version of the raw values. The encryption key is either located on our SaaS, or any other of the supported encryption provider. See this article for an introduction: https://www.pulumi.com/docs/intro/concepts/secrets/
s
Thanks Ringo, I'll try play around with these settings now 👍 👍 👍