Feature description
Well done for the Github repository secrets integration (#54)! Great work 🎉
Although, would it be possible to sync secrets with an entire Github organization and environment, not just at repository level?
Why would it be useful?
Organization
Use case : Most of my apps use common secrets in their corresponding CI/CD pipelines, creating syncs for +100 repos seems a bit redundant and prone to errors IMO. Having a global sync across the entire organization would allow us to centralize those common variables, while keeping the repo level sync for more granularity/security (e.g. exposing critical secrets only to specific apps)
Environment
Use case : See above, more or less the same needs, but per environment to provide corresponding Infisical secrets
Additional context
It seems possible to sync Github organization secrets through their API, and you could even automatically import existing Github secrets to an Infisical project as well (they have LIST/GET endpoints). But there may be some security concerns behind, which I’m not aware of yet. Anyway here’s the mentioned API if ever you guys plan to support it (I’d love it) :
Edit
There are 3 Github Action secret scopes for now (2024-02) :
And limitations seem different from Github Codespace Secrets ⚠️
I think the Infisical docs about Github Action should quickly describe and point to the GHA Secrets limitations, listed below to raise users' awareness :
It's maybe mentioned somewhere in-app when integrating Infisical with GHA, but I don't see anything in the docs.
Cheers! 🍻