bonitasoft / bonita-documentation-site

The sources of the Bonita Documentation site
https://documentation.bonitasoft.com/
GNU General Public License v2.0

Surge token in GH Actions: switch from GH secrets to the use of KSM secrets manager #678

Open tbouffard opened 4 months ago

tbouffard commented 4 months ago

The whole bonitasoft organization is doing the switch to the KSM secrets manager. Retrieving the secrets to use in the GH workflow would look something like this:

- name: Retrieve secrets from Keeper
  uses: Keeper-Security/ksm-action@v1
  with:
    keeper-secret-config: ${{ secrets.KSM_CONFIG }}
    secrets: |
      ${{ vars.KEEPER_SURGE_TOKEN_RECORD_ID }}/field/password > env:SURGE_TOKEN

Notice that this configuration has a drawback in terms of security. Previously, the token was available only in repositories where the secret was configured to be accessible. In the future, all repos of the organization will have access to this token.
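For context on how the retrieved value is consumed, here is a complete workflow job built around the retrieval step quoted in the comment. This is an added illustration, not a workflow from the bonita-documentation-site repository: the job name, the checkout/build steps and the surge deploy command are assumptions, and only the Keeper retrieval step comes from the comment above. The record UID is read from a repository/organization variable and the token never appears in the workflow file itself.

```yaml
# Added example (not the project's own workflow). Assumed job layout;
# the "Retrieve secrets from Keeper" step is the one shown in the issue.
name: deploy-preview

on:
  pull_request:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Assumed build step: produce the static site in ./build
      - name: Build site
        run: npm ci && npm run build

      # Step from the issue: KSM_CONFIG is the only GitHub secret left;
      # the Surge token is pulled from Keeper at run time and exported as
      # an environment variable for the following steps.
      - name: Retrieve secrets from Keeper
        uses: Keeper-Security/ksm-action@v1
        with:
          keeper-secret-config: ${{ secrets.KSM_CONFIG }}
          secrets: |
            ${{ vars.KEEPER_SURGE_TOKEN_RECORD_ID }}/field/password > env:SURGE_TOKEN

      # Assumed deploy step: surge reads SURGE_LOGIN / SURGE_TOKEN from the
      # environment, so the token is never interpolated into the command line.
      - name: Deploy preview
        env:
          SURGE_LOGIN: ${{ vars.SURGE_LOGIN }}   # assumed variable name
        run: npx surge ./build "pr-${{ github.event.number }}-docs-preview.surge.sh"
```

Because the token is exported with `> env:SURGE_TOKEN`, it is available to every later step of the job; the action masks the value in logs, but any step in the job (including third-party actions) can read it, which is the same exposure the comment describes at organization level, now at job level. Keeping the retrieval step immediately before the single step that needs the token limits that window.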