How do I properly share cloud bucket secrets with my python script

jbusecke / cmip6_derived_cloud_datasets

Prototype for derived cloud data pipeline using CMIP6 data.

1 stars 0 forks source link

How do I properly share cloud bucket secrets with my python script #5

Closed jbusecke closed 3 years ago

jbusecke commented 3 years ago

What is the preferred way to 'pipe' key/secret values stored as github secrets into a python script?

Here are a few ways I thought about: 1) Define an environmental variable at github action runtime, and query that from within the script with os.environ[...] 2) Make a command line input for the secrets and calling the script with python script.py --key${{secrets.....}} --secret=${{}}

Are there other less clunky ways to do this? And does one of these methods have security implications?

rabernat commented 3 years ago

✅ 1. Define an environmental variable at github action runtime, and query that from within the script with os.environ[...]

jbusecke commented 3 years ago

Thanks. I implemented that here. Works like a charm!