Reputation: 1
What's best practice for sharing secrets between multiple GitHub Projects with Different Environments (..., staging, production)?
I’m working with two separate GitHub projects:
- Code Repository
- Terraform Repository
The issue arises when we need to handle environment-specific values. For example, when pipelines are run on the staging branch, GitHub Actions should use the staging-specific variables, but when pushed to main, it should use production variables. (duh, ofcourse)
While GitHub repositories allow setting environment-specific secrets (with different values for different environments), GitHub Organizations don’t have this capability, which makes it difficult to share environment variables between these two projects.
What’s the best practice for sharing environment secrets between these two GitHub projects, with environment-specific values for staging and production? Anyone experience with this?
Simplest ‘solution’ could be: Duplicating environment variables in both projects isn’t ideal, as it increases the risk of mistakes when updating values.
Other solution could be: storing these in a secret manager, but doesn’t feel ideal either as you have to prepend variables with your environment like so: GCP_PROJECT_ID_STAGING.
Upvotes: -1
Views: 25
Answers (0)
Related Questions
- Using github actions env vars to run different base Urls in feature and staging for snowflake Cypress test
- How to use reusable GitHub workflows and keep secrets in a single place?
- How to use environment variables set in Terraform Cloud?
- Cant access NEXTjs env in kubernetes/terraform
- Is there an acceptable workflow scenario for promoting Terraform .tfplan files through different environments (dev through production)?
- Using NODE_ENV with multiple environments in JavaScript projects