actions / create-github-app-token

GitHub Action for creating a GitHub App Installation Access Token
https://github.com/marketplace/actions/create-github-app-token
MIT License

Feature - Adding App Settings #127

Closed chrheg closed 3 months ago

chrheg commented 3 months ago

In the context of larger organizations where organization-wide secrets are preferred over repository-specific secrets, the current requirement of managing two secrets per application can lead to substantial overhead. To alleviate this, the proposed change offers an option to consolidate all inputs into a single secret.

This approach potentially simplifies secret management significantly, reducing the total number of secrets that need to be maintained. Though it's uncertain whether this function will be appreciated or useful to all users, the aim of this pull request is to initiate a discussion regarding its potential benefits and drawbacks.

gr2m commented 3 months ago

I'm not a fan. I suggest creating an issue to discuss your idea first. For your use case, I instead suggest adding an additional step that parses JSON or whatever format you store your variables in, and then using the outputs from that step and feeding them into the existing inputs of actions/create-github-app-token.

chrheg commented 3 months ago

I also pursued the same path, and found that if the content is parsed directly with JSON:

app-id: ${{ fromJson(secrets.APPxx_SETTINGS).app_id }}
private-key: ${{ fromJson(secrets.APPxx_SETTINGS).private_key }}

It exposes all details in the action logs. However, this issue can be resolved by incorporating a prior step to decode and mask the information.

gr2m commented 3 months ago

Great idea using fromJson as a workaround 👍🏼
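
The prior step described in the thread (decode the combined secret, mask its values, then feed the action's existing inputs), as an added example that is not code from this thread or from the action's repository. It assumes the step exposes the secret to `node` as an `APP_SETTINGS` environment variable; the function names and the `app-id` / `private-key` step-output names are illustrative.

```javascript
// Added example: a step that runs before actions/create-github-app-token.
// Assumes env APP_SETTINGS holds the JSON secret with app_id / private_key keys.

// The runner masks single-line values, so a multi-line PEM key is registered
// one ::add-mask:: command per non-empty line.
function maskCommands(value) {
  return String(value)
    .split(/\r?\n/)
    .filter((line) => line.trim() !== "")
    .map((line) => `::add-mask::${line}`);
}

// name<<DELIM ... DELIM is the GITHUB_OUTPUT syntax for multi-line values.
function outputEntry(name, value, delimiter) {
  if (String(value).includes(delimiter)) throw new Error("delimiter occurs in value");
  return `${name}<<${delimiter}\n${value}\n${delimiter}\n`;
}

function plan(settingsJson, delimiter) {
  let settings;
  try {
    settings = JSON.parse(settingsJson);
  } catch {
    // Do not echo the parser's message: it can quote a fragment of the secret.
    throw new Error("APP_SETTINGS is not valid JSON");
  }
  const masks = [];
  let outputs = "";
  for (const key of ["app_id", "private_key"]) {
    const raw = settings?.[key];
    if (raw == null || raw === "") throw new Error(`missing ${key}`);
    masks.push(...maskCommands(raw));
    outputs += outputEntry(key.replace("_", "-"), String(raw), delimiter);
  }
  return { masks, outputs };
}

async function main() {
  const { appendFileSync } = await import("node:fs");
  const { randomUUID } = await import("node:crypto");
  const { masks, outputs } = plan(process.env.APP_SETTINGS, `ghadelim_${randomUUID()}`);
  masks.forEach((m) => console.log(m)); // register masks before writing anything else
  appendFileSync(process.env.GITHUB_OUTPUT, outputs);
}

// Only runs inside a workflow step, where both variables are set.
if (process.env.APP_SETTINGS && process.env.GITHUB_OUTPUT) {
  main().catch((e) => { console.error(e.message); process.exit(1); });
}
```

A later step in the same job can then pass `${{ steps.<id>.outputs.app-id }}` and `${{ steps.<id>.outputs.private-key }}` to the existing inputs of `actions/create-github-app-token`, where `<id>` is whatever id the parsing step is given.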