▲ | bapak a day ago | ||||||||||||||||
Secrets gotta live somewhere. Are you supplying them every time you deploy or run CI? | |||||||||||||||||
▲ | larntz a day ago | parent | next [-] | ||||||||||||||||
Yes. Either via a secret manager (eg vault) or configured as repo secrets if that kind of infra isn't available. https://docs.github.com/en/actions/how-tos/security-for-gith... Never commit secrets for any reason. | |||||||||||||||||
| |||||||||||||||||
▲ | UltraSane a day ago | parent | prev | next [-] | ||||||||||||||||
I like to encrypt secrets with a master secret stored in a TPM. This makes it impossible to accidentally leak the secret. | |||||||||||||||||
▲ | cess11 a day ago | parent | prev [-] | ||||||||||||||||
I'm not telling you what you should or should not do, especially not in the abstract. I commented on the deceptive terminology employed by a very large corporation with deep connections to rather distasteful activities and organisations. |