Write Secrets to File #24928
-
I’m trying to write an environmental variable file that was stored in a secret in my repository, however, I can’t confirm it’s being written correctly. I know there’s an error when loading it but I can’t tell if it’s not formatted correctly, or what it is. Here is how I’m trying to write the file:
-
Hi @destinybonavita, you could upload the env file as an artifact, then you could see the secret variable value after downloading the artifact. Also, you need to use ${{secrets.variablename }} syntax to get secret variable value, please see my example:
-
Hi @yanjingzhu! Sorry for the late response. When I run
-
Turns out my problem was that I wasn’t wrapping the env variable in quotes when running printf. That fixed it
-
@destinybonavita
-
Hi @streamnsight, welcome to the GitHub Support Community! Secrets are automatically masked in the log output to prevent the secrets leaking—that’s why you’re seeing
-
That makes it very difficult to debug issues…
-
Had the same issue just now. I debugged it by writing and committing a small script that would read the .env file and raise an error if the secret was not correctly saved. Turned out it’s correct in the file and only masked in the GitHub output.
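The quoting fix and the read-back check described in the comments above, as an added example that is not code from any participant in this thread. The function names and SAMPLE_ENV are hypothetical, and the sample is a constructed stand-in for the secret a workflow step would receive through its env: mapping.

```shell
#!/bin/sh
# Added example. Function names and SAMPLE_ENV are hypothetical; SAMPLE_ENV is a
# constructed stand-in for the secret a workflow step would receive via env:.
SAMPLE_ENV='API_URL=https://example.invalid
DB_PASSWORD=not a real password
DEBUG=false'

# Write content ($1) to path ($2). The quotes keep the line breaks, and
# umask 077 makes a newly created file readable by its owner only.
write_env_file() {
  ( umask 077; printf '%s\n' "$1" > "$2" )
}

# The same write without quotes, kept to show the failure: word splitting
# turns every newline into a space, so the file ends up as a single line.
write_env_file_unquoted() {
  ( umask 077; echo $1 > "$2" )
}

# Succeed only if the file at $2 is byte-for-byte what quoting $1 produces.
# cmp -s prints nothing, so no secret value reaches the job log.
verify_env_file() {
  printf '%s\n' "$1" | cmp -s - "$2"
}

# Print only counts, which are safe to log: total lines and KEY=VALUE lines.
env_file_summary() {
  echo "lines=$(grep -c '' "$1") assignments=$(grep -cE '^[A-Za-z_][A-Za-z0-9_]*=' "$1")"
}

# Demo on the constructed sample.
tmp=$(mktemp -d)
write_env_file "$SAMPLE_ENV" "$tmp/good.env"
write_env_file_unquoted "$SAMPLE_ENV" "$tmp/flat.env"
if verify_env_file "$SAMPLE_ENV" "$tmp/good.env"; then
  echo "good.env ok: $(env_file_summary "$tmp/good.env")"
fi
if ! verify_env_file "$SAMPLE_ENV" "$tmp/flat.env"; then
  echo "flat.env differs: $(env_file_summary "$tmp/flat.env")"
fi
rm -rf "$tmp"
```

In a workflow step the secret would be passed as the first argument from the step's environment, for example `write_env_file "$TEST_ENV_FILE" .env` followed by `verify_env_file "$TEST_ENV_FILE" .env`.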
-
Sorry to revive a dead thread, but I figure if anyone else is looking for this solution (Which, by the way, worked for me, so thanks!), they may want to know this info. The question above specifically asked about how to verify a file was being written properly. However, if you're using this solution as a way to write files on the fly via secrets, it's good to know that you should not use the Therefore, if you are just needing to write a file, exclude the
name: Your action
# Customize when you want the action to run here. In this case, I have it set to only run on pushes to dev, pull requests to master, and also allow it to be manually run
on:
  push:
    branches: ["dev"]
  pull_request:
    branches: [ "master" ]
  workflow_dispatch:
jobs:
  job-name-here:
    runs-on: ubuntu-22.04
    steps:
      # Checkout the branch
      - name: Checkout
        uses: actions/checkout@v3
      # Create the test environment file from Actions Secrets
      # You don't have to cat out your secrets file, but if you do it will just show as *** in the logs. It basically just confirms it actually exists.
      - name: Echo secrets
        run: |
          # Quote the variable so a multi-line secret keeps its line breaks
          echo "$TEST_ENV_FILE" >> src/your_directory_here/your_file_name.here
          cat src/your_directory_here/your_file_name.here
        shell: bash
        env:
          # Feel free to rename this variable, but make sure to update it everywhere. You should paste your entire file in your secrets
          TEST_ENV_FILE: ${{secrets.YOUR_SECRET_NAME}}
      # Do whatever you want from here, your secrets file is now available and isn't visible to anyone viewing the actions logs, including you
-
- name: Configure .env file
  run: |
    python -c "import os; file = open('.env', 'w'); file.write(os.environ['YOUR_SECRET']); file.close()"
  shell: bash
  env:
    YOUR_SECRET: ${{secrets.YOUR_SECRET}}