Copilot Lvl 2
Message 1 of 5

Accessing secrets by index using an environment variable


Hi all!

At this moment I am creating a pipeline in which I would like to achieve the following:

 

- Set an environment variable based on a certain condition

- Use that environment variable to access a certain secret which I have defined (in this case PROD)

 

To make this more clear, I added a code snippet:

 

- name: Set env to production
  if: endsWith(github.ref, '/master')
  run: |
    echo "::set-env name=ENVIRONMENT::PROD"
- run: echo ${{ secrets[$ENVIRONMENT] }}

 

So based on the set environment variable I would like to access: secrets.PROD

 

I used: https://help.github.com/en/actions/reference/context-and-expression-syntax-for-github-actions as a reference. Any help or direction would be appreciated!

4 Replies
Copilot Lvl 3
Message 2 of 5

Re: Accessing secrets by index using an environment variable

I'm not sure whether that is possible. I use something similar in one of my workflows (see here).

I believe environment variables are referenced in a different way than you're doing, since this is about environment variables between different steps. You should use "env.ENVIRONMENT" to reference an environment variable.

 

The following example should echo "PROD"

- name: Set env to production
  if: endsWith(github.ref, '/master')
  run: |
    echo "::set-env name=ENVIRONMENT::PROD"
- run: echo ${{ env.ENVIRONMENT }}


Note that you could use bash in a step to selectively get an environment variable (also see my workflow for bash in a "run" step).

Hope this helps any.

Solution
GitHub Partner
Message 3 of 5

Re: Accessing secrets by index using an environment variable

Hi @nilsdebruin,  

Accessing secrets by index using an environment variable is not supported.
As a workaround, you could add another step with an if conditional for non-production. And you could use secrets.PROD directly when setting a step environment variable.

 

 

name: get secrets variable name from another env
on: push
jobs:
  get-secret:
    runs-on: ubuntu-latest
    steps:
    - name: Set env to production
      if: endsWith(github.ref, '/master')
      run: echo $environment
      env: 
        environment: ${{secrets.PROD}}
    - name: Set env to non production 
      if: "!endsWith(github.ref, '/master')"
      run: echo $environment
      env: 
        environment: ${{secrets.TEST}}

 

Copilot Lvl 2
Message 4 of 5

Re: Accessing secrets by index using an environment variable

Hi all,

 

Thanks for the replies! I have now come up with the following solution (which works, but does not feel dry):

 

- name: Set env to staging
  if: endsWith(github.ref, '/develop')
  run: |
    echo "::set-env name=ENVIRONMENT::develop"
    echo "::set-env name=ENV_FILE::env.develop"
    echo "::set-env name=AWS_ACCESS_KEY_ID::${{ secrets.DEVELOP_AWS_ACCESS_KEY_ID }}"
    echo "::set-env name=AWS_SECRET_ACCESS_KEY::${{ secrets.DEVELOP_AWS_SECRET_ACCESS_KEY }}"
- name: Set env to production
  if: endsWith(github.ref, '/master')
  run: |
    echo "::set-env name=ENVIRONMENT::prod"
    echo "::set-env name=ENV_FILE::env.prod"
    echo "::set-env name=AWS_ACCESS_KEY_ID::${{ secrets.PROD_AWS_ACCESS_KEY_ID }}"
    echo "::set-env name=AWS_SECRET_ACCESS_KEY::${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }}"
- name: Configure AWS Credentials
  uses: aws-actions/configure-aws-credentials@v1
  with:
    aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
    aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}

This works for my use case, so thanks for your help and input!

Copilot Lvl 3
Message 5 of 5

Re: Accessing secrets by index using an environment variable

Thanks for taking the time to share the solution with us.
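
The bash-side selection mentioned in the replies, written out as an added example (not code from any poster in this thread): one `run` step receives the candidate secrets through its `env:` block and a script picks the one matching the branch, failing closed on anything unmapped. The function names `env_prefix_for_ref` and `select_secret` are hypothetical; the `PROD_`/`DEVELOP_` secret names and the `/master` and `/develop` refs are the ones used above.

```shell
#!/bin/sh
# Added example: choose a per-environment secret inside a run step.
# Assumption: the step's env: block maps each candidate secret to a
# same-named variable, e.g.
#   PROD_AWS_ACCESS_KEY_ID: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }}

# Map a Git ref to the secret-name prefix used in the thread.
# Unknown refs fail closed instead of falling back to a default.
env_prefix_for_ref() {
  case "$1" in
    */master)  echo PROD ;;
    */develop) echo DEVELOP ;;
    *) echo "no environment mapped for ref: $1" >&2; return 1 ;;
  esac
}

# Print the value of <PREFIX>_<suffix> for the given ref.
# The variable name is built only from the fixed prefixes above and a
# suffix restricted to [A-Z0-9_], so no caller-controlled text is evaluated.
select_secret() {
  ref=$1
  suffix=$2
  case "$suffix" in
    ''|*[!A-Z0-9_]*) echo "invalid secret suffix" >&2; return 2 ;;
  esac
  prefix=$(env_prefix_for_ref "$ref") || return 1
  name="${prefix}_${suffix}"
  # printenv exits non-zero when the variable is not in the environment.
  value=$(printenv "$name") || { echo "$name is not set" >&2; return 3; }
  # A secret that is not defined in the repository expands to an empty string.
  [ -n "$value" ] || { echo "$name is empty" >&2; return 3; }
  printf '%s' "$value"
}

# Typical use in a workflow step (GITHUB_REF is set by the runner):
#   AWS_ACCESS_KEY_ID=$(select_secret "$GITHUB_REF" AWS_ACCESS_KEY_ID) || exit 1
#   export AWS_ACCESS_KEY_ID
```

With this layout every candidate secret is present in that one step's environment on every branch, whereas the per-branch `if:` steps shown in the thread hand each step only its own secret.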