-
-
Notifications
You must be signed in to change notification settings - Fork 787
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Import secretes from secrets.yml #735
base: main
Are you sure you want to change the base?
Conversation
Signed-off-by: Florian Grabmeier <[email protected]>
Signed-off-by: Florian Grabmeier <[email protected]>
✅ Deploy Preview for homer-demo-content ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Signed-off-by: Florian Grabmeier <[email protected]>
Signed-off-by: Florian Grabmeier <[email protected]>
This is awesome! Please pull this into the main branch. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hello,
Indeed, secret in homer config file can be problematic. If you use secrets, Homer should not be exposed publicly (or behind some kind of auth proxy).
However, this approach can be misleading, users could think their secrets are secure in the separate file and expose it to the internet without any auth. It also add an additional request for no real value.
The only way to hide credentials would be to proxy the request on the server side.
|
||
## Importing Secrets | ||
|
||
You can import sensitive information such as API keys or passwords into your `config.yml` file securely using the `!secret` keyword. The corresponding tokens are stored in the `secrets.yml` file. This approach allows you to keep confidential information separate, eliminating the need to expose sensitive information directly in your configuration. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This secret file is as public as the main config file. Having it separated can help manage the secrets, but it does not add any security.
Thank you for the feedback. I certainly agree, it does not make the secrets more secure. Perhaps the wording in the documentation should be revised. The advantage of this feature is that you can publish your config without worrying, as discussed in #609. |
Description
I have implemented a new function so that it is now possible to import secrets from a
secrets.yml
file using the keyword!secret
.When loading the config, the corresponding key is loaded with the token from the secrets.yml file and replaced everywhere in the
config.yml
fileFixes #609
Type of change
Checklist:
config.yml
file