I am using GitHub Actions to deploy a .NET Core application to a Lambda function in AWS and am trying to retrieve secrets so that I can use them in the application.

I have two environments set up: staging and production. Each has a secret called MISC_KEY.

The following snippet of code is from the GitHub Actions workflow which sets the secret as an environment variable in the staging environment first...

deploy_staging:
  name: 'Deploy to Staging'
  environment: staging
  runs-on: ubuntu-latest
  steps:
    - name: 'Checkout repository'
      uses: actions/checkout@v3
    - name: 'Set Environment Secrets'
      run: echo "GitHubSecret=${{ secrets.MISC_KEY }}" >> $GITHUB_ENV

In my .NET application, I am trying to access this variable using Environment.GetEnvironmentVariable and then just pass this into the endpoint of the API...

// Get GitHub secret
string gitHubSecret = Environment.GetEnvironmentVariable("GitHubSecret");
app.UseHttpsRedirection();
app.UseAuthorization();
app.MapControllers();
app.MapGet("/", () => $"The GitHub secret for this environment is {gitHubSecret}");
app.Run();

I am getting nothing returned, and am wondering if I am missing anything out in this process? Can GitHub secrets actually be used within the application code itself, or can they only be used as part of the GitHub Actions workflow?

asked Sep 5, 2023 at 15:14
  • Where is the application running? Setting environment variables in a workflow sets them on the Actions runner, and you're probably not running your application on there. What are the other steps in the workflow? Commented Sep 5, 2023 at 15:25
  • @BenjaminW. The application runs as a Lambda function in AWS. The GitHub Actions deploys the application using an AWS CloudFormation template file. Commented Sep 5, 2023 at 15:38
  • Thinking about that, that makes complete sense. I would need to presumably pass them to the CloudFormation file to set them as environment variables at that stage? Commented Sep 5, 2023 at 15:41
  • Maybe the secret should live in AWS Secrets Manager to begin with? Commented Sep 5, 2023 at 15:44
  • I was thinking that it would be more convenient to have them stored in GitHub as that is where the application code is hosted, but presumably using AWS Secrets Manager would make more sense as the application gets deployed onto AWS - hopefully less configuration needed? Commented Sep 5, 2023 at 15:46

1 Answer

As the application is deployed on AWS, further configuration is required to pass the variables to the deployment stage which has been missed out.

answered Sep 5, 2023 at 15:50
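
One way to do the further configuration this answer refers to, following the comment thread's idea of passing the value through the CloudFormation template (an added example, not code from the original posts). The stack name, template file name and `ApiFunction` logical ID are hypothetical, and an earlier step is assumed to have configured AWS credentials on the runner.

```yaml
# --- File 1: GitHub Actions workflow (fragment) ---
jobs:
  deploy_staging:
    name: 'Deploy to Staging'
    environment: staging          # selects the staging copy of MISC_KEY
    runs-on: ubuntu-latest
    steps:
      - name: 'Checkout repository'
        uses: actions/checkout@v3
      # Assumption: AWS credentials were configured by an earlier step.
      - name: 'Deploy stack with the environment secret'
        env:
          # Expose the secret to this step only, instead of writing it to
          # $GITHUB_ENV, which only affects later steps on the runner.
          MISC_KEY: ${{ secrets.MISC_KEY }}
        run: |
          aws cloudformation deploy \
            --template-file template.yaml \
            --stack-name my-app-staging \
            --capabilities CAPABILITY_IAM \
            --parameter-overrides "GitHubSecret=${MISC_KEY}"
---
# --- File 2: template.yaml (hypothetical name; only the added parts shown) ---
Parameters:
  GitHubSecret:
    Type: String
    NoEcho: true                  # mask the value in console and API output
Resources:
  ApiFunction:                    # hypothetical logical ID of the Lambda
    Type: AWS::Lambda::Function
    Properties:
      # Existing Handler, Runtime, Role and Code properties stay unchanged.
      Environment:
        Variables:
          # Name matches Environment.GetEnvironmentVariable("GitHubSecret")
          GitHubSecret: !Ref GitHubSecret
```

`NoEcho` masks the parameter in CloudFormation output, but the value is still stored as a Lambda environment variable and is readable by any principal allowed to call `lambda:GetFunctionConfiguration`. Keeping the secret in AWS Secrets Manager, as suggested in the comments, avoids passing it through the workflow at all.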