Goutam's Blogs

How to Hide API Keys Using GitHub Actions Secrets

How to Hide API Keys Using GitHub Actions Secrets

Goutam Nath's photo
Goutam Nath
ยท

2 min read

GitHub Actions makes it easy to automate all your software workflows like Building your App, testing and deploying your code etc. Probably you are already using it to build and deploy your applications as well.

But,

How to hide your secrete tokens/API Keys on GitHub workflows?

Your application could be using a free API with limited number of API calls or a paid API costing you money on each API calls. So, you won't like your API keys to be visible to everyone.

In your local machine you were probably using environment variables to hide your secrets in your builds and deployment and guess what you can do the same thing on GitHub actions as well.

Let's see How you can do that.

On your project's GitHub repository Go to Settings > Secrets > Actions

There you will see two options, Environment secrets and Repository secrets. I'm going to use Repository secrets but the workflow is same.

Click on the New repository secret Button

chrome_saDZrstlI6.png

It will create a new secret for you, Give it a Name and a value and finally Add secret

chrome_XitLS8sGZR.png

Now, Lets see how to add these secrets in you GitHub workflows files

name: ......
'on': ....
jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    env:
      API_KEY: ${{secrets.YOUR_SECRET_API_KEY}} 
    steps:
      ....
      ....

Now whenever this action will run, it will use the secret value you gave.

So, that was all you have to do to hide your secrets.

Did you find this article valuable?

Support Goutam Nath by becoming a sponsor. Any amount is appreciated!

GitHubgithub-actionsAPIs
ย