This resource allows you to create and manage GitHub Codespaces secrets within your GitHub repositories. You must have write access to a repository to use this resource.
Secret values are encrypted using the Go '/crypto/box' module which is interoperable with libsodium. Libsodium is used by GitHub to decrypt secret values.
For the purposes of security, the contents of the plaintext_value
field have been marked as sensitive
to Terraform,
but it is important to note that this does not hide it from state files. You should treat state as sensitive always.
It is also advised that you do not store plaintext values in your code but rather populate the encrypted_value
using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible
in your code. See below for an example of this abstraction.
data "github_codespaces_public_key" "example_public_key" {
repository = "example_repository"
}
resource "github_codespaces_secret" "example_secret" {
repository = "example_repository"
secret_name = "example_secret_name"
plaintext_value = var.some_secret_string
}
resource "github_codespaces_secret" "example_secret" {
repository = "example_repository"
secret_name = "example_secret_name"
encrypted_value = var.some_encrypted_secret_string
}
The following arguments are supported:
repository
- (Required) Name of the repositorysecret_name
- (Required) Name of the secretencrypted_value
- (Optional) Encrypted value of the secret using the GitHub public key in Base64 format.plaintext_value
- (Optional) Plaintext value of the secret to be encryptedcreated_at
- Date of codespaces_secret creation.updated_at
- Date of codespaces_secret update.This resource can be imported using an ID made up of the repository
and secret_name
:
$ terraform import github_codespaces_secret.example_secret example_repository/example_secret_name
NOTE: the implementation is limited in that it won't fetch the value of the
plaintext_value
or encrypted_value
fields when importing. You may need to ignore changes for these as a workaround.