Helps you retrieve secrets from Infisical and deploy them to your Kubernetes cluster.
Behind the scenes we are installing the Infisical CLI and using it to retrieve the secrets. All the secrets are then piped into the file specified in the destinationFile parameter, default: secrets.json, in the json format.
Platform Support: Linux x64 (amd64) and arm64 runners. Other platforms can be added as needed.
name: My workflow
jobs:
prepare:
runs-on: ubuntu-latest
steps:
- name: Create secrets file
uses: dotcom-dev/infisical-secrets@main
with:
token: ${{ secrets.INFISICAL_TOKEN }}
projectId: "5a503cbd2369e9143ad88fr5"
env: "prod"| Parameter | Description | Default |
|---|---|---|
domain |
Infisical API domain. Helpful for self-hosted deployments, if not provided, will use the official domain. | Official |
token |
Your Infisical API token. | |
projectId |
The ID of the project you want to retrieve secrets from. | |
env |
The environment you want to retrieve secrets from. | |
path |
Secrets path inside the environment. | / |
format |
The format of the secrets file. (json, yaml, dotenv etc.) | json |
destinationFile |
The file you want to write the secrets to. | secrets.json |
kubernetes |
Whether to deploy the secrets to Kubernetes. | false |
kubernetesSecretName |
The name of the Kubernetes secret. (Required if kubernetes is true) |
|
kubernetesNamespace |
The namespace of the Kubernetes secret. |
Note: This action is currently in beta. Please use it with caution and at your own risk.
- Adjust the code and then.
- Build with
yarn build - Commit the changes
- Update the version in the
package.jsonfile and commit the change with the messagevX.Y.Z - Create a new tag with the version:
git tag -a vX.Y.Z -m vX.Y.Z - Push the changes to the repository
- Create a new release with the tag
vX.Y.Zand the release notes