You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
A current workflow for support of all project secrets is difficult and inconvenient:
Every developers should add/update 3 different files if a connector secret key is changed
Not all developers can add GitHub secrets. Sure, there are a set of responsible people whom do it but sometimes we need to troubleshoot of access issues and it is not comfortable to pull them constantly.
Support of 2 credentials' storages: GitHub Secrets and LostPass
Possible solution
Update of the CI workflow:
CI script will try to load necessary config files from the LastPass storage primarily. There is a console utility for this. A name of LastPass note must be same with a github secret's name. If these notes are not exists into LastPass, CI will use the old logic(using of GitHub secrets)
simplify support of credentials' variables:
using of connector unique names as variable prefixes. e.g. connector: source-s3 => the variable prefix: SOURCE_S3_. And CI will load all values with necessary prefixes only.
keep a name of target file into a secret's name. e.g.:
default value: SOURCE_S3_CREDS. This value will be saved to the folder ./source-s3/secrets/config.json
custom value: SOURCE_S3_CREDS_custom_config.json. This value will be saved to the folder ./source-s3/secrets/custom_config.json
The text was updated successfully, but these errors were encountered:
A simpler solution would be to add all secrets into the repository. You can create a public-private key (Curve25519 for example), encrypt all secrets to source code with the public key and decrypt the secret in CI with the private key. https://pynacl.readthedocs.io/en/latest/public/
Current problem state
A current workflow for support of all project secrets is difficult and inconvenient:
Possible solution
Update of the CI workflow:
The text was updated successfully, but these errors were encountered: