https://pulumi.com logo
Title
s

swift-apple-26877

08/24/2022, 2:14 PM
Anyone know how to read GitHub secrets from the pulumi stack config or the pulumi code (C#) itself? I know we can read in the GitHub Action yml using: ${{ secrets.SECRET_VALUE }} But can I access secrets from the config or code? Thanks everyone 🤔
s

stocky-restaurant-98004

08/24/2022, 2:35 PM
I would try storing the secret value in Pulumi and then writing it to GH using the ActionsSecret resource. GH does not allow you to retrieve a secret's value outside of referencing it in an Action, so I think what you're trying to do is not possible due to how GHA secrets work. https://www.pulumi.com/registry/packages/github/api-docs/actionssecret/
s

swift-apple-26877

08/24/2022, 2:42 PM
Thanks for the reply Josh But to store the value in Pulumi I would have to add my sensitive value to the source control right? 🤔
l

limited-rainbow-51650

08/24/2022, 2:45 PM
Yes, but only an encrypted version of the raw values. The encryption key is either located on our SaaS, or any other of the supported encryption provider. See this article for an introduction: https://www.pulumi.com/docs/intro/concepts/secrets/
s

swift-apple-26877

08/24/2022, 3:40 PM
Thanks Ringo, I'll try play around with these settings now 👍 👍 👍