Steps To Configure Secrets in GitHub Actions

Step 1: Log in to the GitHub repository, click on the repository, and click on settings.

Step 2: Scrole down left side and click on secrets and variables and click on actions.

Step 3: Secret tokens and GitHub Actions

• In the left sidebar, select “Secrets.”
• Click on the “New repository secret” button.
• Provide a name for your secret, such as “SERVICE_ACCOUNT_KEY.”
• Paste the value of your secret into the “Value” field.
• Click on the “Add secret” button to save your new repository secret.

Step 4: GitHub Actions secret example

In this workflow, we are calling the secret SERVICE_ACCOUNT_KEY from the GitHub repository secrets. This key is crucial for authenticating with Google Cloud Platform (GCP) services during the CI/CD process. By referencing the secret directly within the workflow file, we ensure that sensitive credentials remain secure and inaccessible to unauthorized users. This practice adheres to best security practices and safeguards against potential security vulnerabilities.

name: <Respective name of cicd>
on:
  push:
    branches: [ <Branch Name> ]
jobs:
  build-push-gcr:
    name: Build and Push to GCP
    runs-on: ubuntu-latest  #Runner
    env:
      IMAGE_NAME: <Image-name>
      PROJECT_ID: <Project-id>
    steps:
   #Checkout stage
    - name: Checkout
      uses: actions/checkout@v2
  #Call the secert into action file
    - uses: google-github-actions/setup-gcloud@v2
      with:
        service_account_key: ${{ secrets.SERVICE_ACCOUNT_KEY }}
        project_id: ${{ env.PROJECT_ID }}
        export_default_credentials: true

• Secrets Setup: The google-github-actions/setup-gcloud action is used to set up Google Cloud SDK. It requires access to the SERVICE_ACCOUNT_KEY secret, which contains the service account key JSON file necessary for authentication.
• Accessing Secrets: The service_account_key parameter of the setup-gcloud action fetches the secret value stored in the GitHub repository secrets.
• Secret Management: Secrets like SERVICE_ACCOUNT_KEY are stored securely in GitHub repository settings, ensuring that sensitive information is not exposed in the workflow file.

Step 5: Verify the console output of the github actions here the actions file calling the secrets from the secrets.

When it comes to safely managing sensitive data in your workflows—like access tokens, API keys, and other credentials—GitHub Actions secrets are essential. By using these tricks, you can securely access and save private information without exposing it to the source code of your repository. You may improve the security of your CI/CD pipelines and guarantee that confidential or sensitive data is kept safe during the development and deployment phases by making use of the secrets. We will go over how to add, manage, and use GitHub Actions secrets in this article to protect your projects and automate tasks to make your workflow more efficient. We can call and store the secrets in the pipeline by using the secrets. We can configure the secrets on GitHub by following the procedures listed below.