New Features in GitHub Codespaces
Hello everyone! I hope everyone participating in the GitHub Codespaces beta has been enjoying their time in the product. It’s a new year and we have some news to share! We’ve been working hard to address top requests from the community and are excited to release the following features for you to try out. Give them a try and let us know what you think!
- You asked, we listened. Our first iteration of secrets support is now accessible from the Codespaces settings page in your profile.
- From there you can add, store, and access sensitive information as encrypted secrets. These will be accessible from the repositories you choose at creation.
- Examples of items you might store with Secrets include personal access tokens to cloud services, service principals, and subscription identifiers.
- We’ve also added support for private image registries. You can add a defined prefix to a set of secrets so that they can be used as the credentials to access private images within that registry.
- To add private image registry credentials, you will need 3 secrets as shown below:
* <*>_CONTAINER_REGISTRY_SERVER = <REGISTRY SERVER> * <*>_CONTAINER_REGISTRY_USER = <REGISTRY USERNAME> * <*>_CONTAINER_REGISTRY_PASSWORD = <PAT>
- The “<*>” in these strings can be replaced with any value. For example:
* ACR_CONTAINER_REGISTRY_SERVER = mycompany.azurecr.io * ACR_CONTAINER_REGISTRY_USER = acr-user-here * ACR_CONTAINER_REGISTRY_PASSWORD = <PAT>
- The values will be passed into the Docker CLI any time you create or resume your codespace.
- To find out more about setting up secrets for GitHub Codespaces, check out our docs here.
- You can allow GitHub to automatically use GPG to sign commits you make in your codespaces, allowing others to be confident that the changes come from a trusted source.
- Commits will have verified status on GitHub.
- GPG signing is disabled by default. To enable, follow the steps found here and make sure to update your Visual Studio Code settings to enable GPG verification:
- You can now explicitly manage the set of repositories your codespaces can access.
- Enable access and security for none of your repositories, all of your repositories, or specific repositories. You should only enable access and security for repositories you trust.
- Find out more in the trusted repositories documentation.