GitHub Community
"Best Practices for Securing Secrets in Source Code Repositories?" #139973
-
Select Topic AreaQuestion BodyHi everyone, In situations where environment variables aren’t an option, what are the best practices for securely managing secrets in a public repository? Looking forward to your thoughts! |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
To manage secrets in a public GitHub repository without environment variables: Encryption: Store secrets in the repo but encrypt them. Use a secure service or key management system to decrypt at runtime. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks a lot |
Beta Was this translation helpful? Give feedback.
To manage secrets in a public GitHub repository without environment variables:
Encryption: Store secrets in the repo but encrypt them. Use a secure service or key management system to decrypt at runtime.
Secret Management Services: Use external services like AWS Secrets Manager or HashiCorp Vault to store and retrieve secrets securely during runtime.
GitHub Actions Secrets: For GitHub workflows, store secrets in GitHub Actions Secrets, which are encrypted and secure.
These methods help avoid exposing secrets directly in the codebase.