Secrets support in GitHub Codespaces

Hi,

would be great if GitHub Codespaces supported secrets, similar to how the now-deprecated Visual Studio Codespaces does.

I wonder if the secrets functionality already in GitHub (used by GitHub Actions) could also be integrated with GitHub Codespaces?

6 Likes

Hey! Secrets support is definitely on our roadmap 👍 As you mentioned, the plan is to leverage the existing support for org and repo-level secrets that Actions already uses. That said, since Codespaces is more of an individually-managed service (as opposed to Actions), we’ve also heard a lot of feedback for introducing user-level secrets.

Out of curiosity: how would you imagine your team making use of secrets with Codespaces? Would you have repo/org-wide secrets (e.g. connection strings for shared dev databases), or would you expect to want each developer to have individual, user-level secrets? Thanks!

1 Like

Hi, thanks for the quick reply 🙂 That’s great that it’s on the roadmap.

I think teams would find both repo/org-wide secrets and also individual, user-level secrets very useful. I think it’s key that individual developers are able to configure secrets for their development environment on an individual basis.

As per 12 factor, I’d see the individual level and the repo level secrets as being independent of each other, rather than trying to group them and to use overrides. Would be very handy to be able to switch easily from having the Codespaces dev environment use individual secrets to using the repo level secrets, and vice versa. I’d see the repo level secrets as typically being the default when creating a new Codespace, which would be useful for people new to a project, for instance.

Hope that’s useful, just throwing some ideas out there 🙂

1 Like

+1, being able to set environment vars from secrets would be ideal for being able to develop in codespaces.

+1 Strongly agreed around the secrets, especially personal.

From my understanding the ultimate philosophy of Codespaces is one-click, immediate Dev Environment. If we have any remaining manual setup after the automated setup steps then we’ve got a problem.

My current project necessitates using an OracleDB container; to pull that I need to log in to Docker. That’s a private environment variable and as part of a developer’s contribution to the repo they will need to provide that.

When I create the codespace for this repo, it should spin up the entire stack, run migrations + seeders, install all needed dependencies, then by the time Codespaces is ready for me all I need to do is start coding. I’m fine to have more manual configuration upfront (re: secrets, build steps, etc.); I’d rather not have to repeat the process every time I make a Codespace (logging into DockerHub, running setup steps manually).