
16. Secrets Management


GitHub Secrets Best Practices

  1. Never commit secrets to code
  2. Use environment-specific secrets
  3. Rotate secrets regularly
  4. Use least privilege

Required Secrets for Rails

yaml
# Repository Secrets
DATABASE_URL
REDIS_URL
SECRET_KEY_BASE
RAILS_MASTER_KEY

# Deployment Secrets
HEROKU_API_KEY
RAILWAY_TOKEN
AWS_ACCESS_KEY_ID
AWS_SECRET_ACCESS_KEY

Using RAILS_MASTER_KEY

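yaml
steps:
  - name: Decrypt credentials
    env:
      RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
    # credentials:show writes the decrypted credentials to the job log;
    # GitHub masks only the registered secret values, not the decrypted file contents.
    run: bundle exec rails credentials:show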
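
The following preflight check is an added example, not part of the original page. It covers the names under "Required Secrets for Rails": it reports any secret that is empty, and a RAILS_MASTER_KEY that is not the 32 hex characters Rails generates, without ever printing a value. The function names `check_secrets` and `master_key_well_formed` are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): preflight check for CI secrets.
# Problems are reported by variable name only; values are never printed.

# Names taken from the "Required Secrets for Rails" list above.
REQUIRED_SECRETS="DATABASE_URL REDIS_URL SECRET_KEY_BASE RAILS_MASTER_KEY"

# Returns 0 when the master key looks like what Rails generates:
# exactly 32 lowercase hex characters.
master_key_well_formed() {
  case "$1" in
    *[!0-9a-f]*) return 1 ;;   # stray whitespace, quotes, wrong alphabet
  esac
  [ "${#1}" -eq 32 ]
}

# Prints one line per problem and returns 1 if any secret is unusable.
check_secrets() {
  problems=0
  for name in $REQUIRED_SECRETS; do
    # Indirect lookup. A secret that is not defined, or that the run is not
    # allowed to read (fork or Dependabot pull requests), is an empty string.
    eval "value=\${$name:-}"
    if [ -z "$value" ]; then
      echo "missing: $name"
      problems=$((problems + 1))
    elif [ "$name" = RAILS_MASTER_KEY ] && ! master_key_well_formed "$value"; then
      echo "malformed: $name (expected 32 hex characters)"
      problems=$((problems + 1))
    fi
  done
  unset value
  [ "$problems" -eq 0 ]
}
```

Call `check_secrets || exit 1` as the first command of a step that maps these secrets into `env:`, so a missing value stops the job before Rails starts.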

Generating Secrets

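bash
# Generate a random secret key (for example, a value for SECRET_KEY_BASE)
rails secret

# Generate the master key: creates config/master.key and
# config/credentials.yml.enc if they do not exist yet
EDITOR=vim rails credentials:edit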

Organization Secrets

Share secrets across repositories:

  1. Go to Organization Settings
  2. Click Secrets and Variables
  3. Create organization secret
  4. Select repository access

Dependabot Secrets

For automated dependency updates:

yaml
# Dependabot can access these
name: dependabot-secrets