Move comment system secret key to environment secrets for GitHub Actions
hanson2010 opened this issue · comments
I think putting secret key in config.toml
is an insecure design, given that the project is public in most cases.
Can we move it to environment secrets for GitHub Actions?
https://github.com/[username]/[username].github.io/settings/environments
Hi harson2010,
Hugo is a static site generator. All the secret keys will finally be embedded into the webpages, which is accessible to the public.
So I think it may not be necessary to move them into environment secrets.
Currently all the secret keys that may appear in config.toml
are for comment services. If there are any other usages not applied to the cases above, please reply to me.
Thanks for your feedback.