arcgis-enterprise-base-linux, arcgis-enterprise-base-windows, and arcgis-server-linux templates support two ways of passing ArcGIS Online user credentials:
Using ARCGIS_ONLINE_USERNAME/ARCGIS_ONLINE_PASSWORD environment variables, and
Using arcgis_online_username/arcgis_online_password configuration properties.
The current principle for handling secrets is keeping credentials of accounts created by the workflows in the config files and keeping credentials of the pre-existing accounts (for example AWS credentials ) in the GitHub Actions secrets. That will minimize probability of leaking the user's secrets.
To make handling of ArcGIS Online user credentials more secure and less confusing, the workflows should support passing ArcGIS Online user credentials using environment variables only.
arcgis-enterprise-base-linux, arcgis-enterprise-base-windows, and arcgis-server-linux templates support two ways of passing ArcGIS Online user credentials:
The current principle for handling secrets is keeping credentials of accounts created by the workflows in the config files and keeping credentials of the pre-existing accounts (for example AWS credentials ) in the GitHub Actions secrets. That will minimize probability of leaking the user's secrets.
To make handling of ArcGIS Online user credentials more secure and less confusing, the workflows should support passing ArcGIS Online user credentials using environment variables only.