by kevmo314
337 days ago
Isn't this "echo with more steps"? The CI/CD example [1] strikes me as not obviously better than doing

    cat > .env << EOF
    DATABASE_URL=${{ secrets.TEST_DATABASE_URL }}
    STRIPE_API_KEY=${{ secrets.STRIPE_TEST_KEY }}
    EOF

which also addresses the trust and rotation problems. I suppose for dev secrets those are annoying, but even with secretspec you would have to rotate dev secrets when someone is offboarded.

[1] https://devenv.sh/blog/2025/07/21/announcing-secretspec-decl...
We hope that one day GitHub Actions would integrate secretspec more tightly, leaving aside using environment variables as a transport.
That's going to be a long journey, one worth striving for.