CloudTruth centralizes your configuration and secrets information to make it easier to manage.
This action allows you to extract the configuration and secrets from a project, scoped
to an environment, into your GitHub Actions workflow. This is done securely by ensuring
that the GitHub workflow engine is told which of your configuration values are considered
secrets, so it can ensure they are properly redacted. This is analogous to the behavior
you would see if you added your secrets directly to your GitHub organization or repository
and then accessed those secrets through the secrets object in your action.
This action will modify your env object to have values for all the parameters that
you have stored in your project for the given environment.
You must have an api key established in your CloudTruth account.
| name | required | description |
|---|---|---|
apikey |
yes |
The CloudTruth Service Account API Key to use. |
project |
yes |
The CloudTruth project (name or id) within the organization. |
environment |
yes |
The CloudTruth environment (name or id) view to use. |
tag |
no |
The CloudTruth tag (name) within the environment to use. If not specified, current values will be retrieved. |
overwrite |
no |
(default: false) Allow existing environment variables to be overwritten. |
server |
no |
(default: https://api.cloudtruth.io) The CloudTruth server to execute the query against. |
Add a step to your workflow, ensuring that your CloudTruth service account api key is stored in GitHub as a secret:
- uses: cloudtruth/configure-action@v2
with:
apikey: "${{ secrets.CLOUDTRUTH_API_KEY }}"
project: "<project name or id>"
environment: "<environment name or id>"We recommend using tags to provide consistent retrieval of configuration. Tags isolate your deployments from changes being made in real-time by users.
See our GitHub Actions workflow for a working example.