I have a project that deploys my product via GitHub Actions. I created the script and am deploying my product to Azure, and for that I need to access Azure via GitHub Actions. For every deployment I have different Azure credentials, and they are stored in the organizational secrets. I want to access them dynamically.
For example, if the name of the project is TRY, the name of the secret will be AZURE_CREDENTIAL_TRY. So to be able to call it dynamically, I need to do something like this:
${{ secrets.AZURE_CREDENTIAL_ }}. So I need to concatenate them inside the secret definition, but I am not sure if that is possible, or if anyone knows other ways to achieve this.
My guess and hope is that this isn’t possible, the security ramifications for it are too scary.
I’d suggest a reusable workflow (or an action) that takes a credential.
Then add a template (or something that is effectively a template) and in each templated version just fill in the specific credential you’re using and the name of the thing and have that call the reusable workflow/action.
And you can get access to the secrets via the format ${{ secrets[..outputs.AZURE_CREDENTIAL] }} between jobs, or another syntax depending on your case, for instance:
```yaml
build:
  needs: configure
  runs-on: ubuntu-latest
  steps:
    - name: use my secrets
      env:
        AZURE_CREDENTIAL: ${{ secrets[needs.configure.outputs.AZURE_CREDENTIAL] }}
      run: |
        ...
```
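A complete workflow built around the indexed lookup from the last reply, as an added example that is not part of the original thread. The workflow name, the `project` input, the `pick` step id and the `TRY`/`DEMO` project list are assumptions made for illustration. It restricts which secret names can be selected and fails when the lookup comes back empty.

```yaml
name: deploy                      # hypothetical workflow name
on:
  workflow_dispatch:
    inputs:
      project:
        description: Project to deploy
        required: true
        type: choice
        options: [TRY, DEMO]      # constructed project list

permissions:
  contents: read

jobs:
  configure:
    runs-on: ubuntu-latest
    outputs:
      AZURE_CREDENTIAL: ${{ steps.pick.outputs.name }}
    steps:
      - id: pick
        env:
          # Pass the input through env rather than inlining it in the script,
          # so it is treated as data by the shell.
          PROJECT: ${{ inputs.project }}
        run: |
          # Allowlist: only known projects may be mapped to a secret name.
          case "$PROJECT" in
            TRY|DEMO) echo "name=AZURE_CREDENTIAL_${PROJECT}" >> "$GITHUB_OUTPUT" ;;
            *) echo "unknown project: $PROJECT" >&2; exit 1 ;;
          esac

  build:
    needs: configure
    runs-on: ubuntu-latest
    steps:
      - name: use my secrets
        env:
          AZURE_CREDENTIAL: ${{ secrets[needs.configure.outputs.AZURE_CREDENTIAL] }}
        run: |
          # A secret name that does not exist evaluates to an empty string.
          if [ -z "$AZURE_CREDENTIAL" ]; then
            echo "secret not found for selected project" >&2
            exit 1
          fi
          echo "credential loaded"
```

Only the secret's name travels between the jobs as an output; the value is resolved in the job that uses it.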