This GitHub action retrieves secrets from Azure Key Vaults and makes them available in your workflows.
- Generates a
.env
file within a job, adding all the secrets to the$GITHUB_ENV
environment variable - Masks values with keys such as
SECRET
,TOKEN
,KEY
,PASS
in the GitHub output for security.
Clone the repository:
git clone https://github.com/Andrews-McMeel-Universal/get-envs
To integrate get-envs
into your workflow, add a step to a workflow in your .github/workflows/
directory.
Set the environment
to automatically find the Azure Key Vault with matching tags to the environment
and repositoryName
.
- uses: Andrews-McMeel-Universal/[email protected]
with:
azurecredentials: ${{ secrets.AZURE_CREDENTIALS }}
environment: development
To download secrets from a specific Key Vault, specify its name in the environmentKeyVault
option.
- uses: Andrews-McMeel-Universal/[email protected]
with:
azurecredentials: ${{ secrets.AZURE_CREDENTIALS }}
environmentKeyVault: get-envs
Variable | Description | Required | Default |
---|---|---|---|
azurecredentials |
Azure login credentials. Usually set to ${{ secrets.AZURE_CREDENTIALS }} . |
✔️ | N/A |
environmentKeyVault |
Name of the Azure Key Vault. If provided, the action will search for a matching Key Vault. | N/A |
|
repositoryName |
GitHub Repository Name. | ${{ github.event.repository.name }} |
|
environment |
Deployment environment. | N/A |