Infisical / infisical

♾ Infisical is the open-source secret management platform: Sync secrets across your team/infrastructure, prevent secret leaks, and manage internal PKI

Home Page:https://infisical.com

Integration with GitHub Actions

vmatsiiako opened this issue

Feature description

Be able to automatically send secrets from Infisical to GitHub repositories (for GitHub actions).

Why would it be useful?

Many people are using GitHub Actions. Being able to sync secrets automatically would save them a lot of time and effort.

Additional context

GitHub seems to be using OAuth 2.0, which we already have an example of (see the integration with Heroku).

Hey, I would love to have a go at this. It would be a first-time issue for me; do you think it would be OK? Thanks in advance!

I have a couple of questions regarding setting up the development environment. I see I need SMTP pass in order to create an account, please correct me if I'm wrong. Basically my goal here is to be logged in locally, if you could advise me on how to set that up that would be great, thank you.

Hi @gmgale! Thank you so much for your help! I think it would be a great issue, it definitely has a lot of impact.

Do you mind joining our community Slack? It's much easier to ask/answer questions there. Here is the link: https://join.slack.com/t/infisical-users/shared_invite/zt-1kdbk07ro-RtoyEt_9E~fyzGo_xQYP6g

Also, if this is helpful, I'm happy to set up a quick pairing session to walk through our whole codebase. Let me know :)

Great, I have joined Slack and posted in the contributing channel 😁

I'm eagerly waiting for this integration! What's the news on the development for this? 😄

@beforeoafterm I think @gmgale is looking into this issue this week. It should be ready very soon 😃🚀

Hey @beforeoafterm!

@gmgale and I are actually working on the integrations right now. We'll be releasing a few new integrations this weekend including this GitHub Actions one so stay tuned! 🙂

Being able to manage GH organization secrets + repository secrets would be awesome. Since you can't see the current secrets in-use in your GH secrets, that'd be cool to automatically sync a given project (or given secrets) to GH org/repo, that way we'll be able to view the values used in our CI/CD workflows! 🚀

Is it what's being done?

Great feature request, thanks! 👏🏽

@beforeoafterm @gaahrdner @leonardbinet @0xflotus this has now been released for a while; forgot to update the issue - please let me know if you have any questions about how to set it up :)

the docs are here: https://infisical.com/docs/integrations/cicd/githubactions

Well done for this integration! Great work 🎉

@mv-turtle Would it be possible to sync secrets with an entire GitHub organization, not just at repository level?

It seems possible to sync GitHub organization secrets through their API, and you could even automatically import existing GitHub secrets to an Infisical project as well (they have LIST/GET endpoints). But there may be some security concerns behind it, which I’m not aware of yet. Anyway, here’s the mentioned API if ever you guys plan to support it (I’d love it):

Use case: Most of my apps use common secrets in their corresponding CI/CD pipelines, so creating syncs for +100 repos seems a bit redundant and prone to errors IMO. Having a global sync across the entire organization would allow us to centralize those common variables, while keeping the repo-level sync for more granularity/security (e.g. exposing critical secrets only to specific apps).

@Grraahaam indeed! That would be great! We just haven't gotten to that yet. Do you think you would be able to create a separate issue for this? :)

@mv-turtle Sure thing! Here it is: #408

Here is a GH action that fetches secrets that we developed for our internal use: https://github.com/marketplace/actions/fetch-and-format-infisical-secrets

I know this is not what this issue is about, but I hope someone finds this useful until there is an integration available :)