The Guild Secrets

Collection of shared secrets from The Guild for local and CI usage.

Usage

Make sure to have git-secret and GnuPG installed.

Reveal secrets

1. git secret reveal
2. Revealed secrets are files inside the secrets/ folder without the .secret extension

Hide secrets

1. git secret hide
2. Hidden secrets are files inside the secrets/ folder with the .secret extension

Add new secret

1. Reveal secrets
2. Create a new file inside secrets/
3. Make sure the filename (because the filename is the secret name):
   1. Has no spaces
   2. Has illegal characters
   3. Has no extension
4. Write the secret inside the contents of the file
5. git secret add <filepath>
6. Hide secrets

Remove secret

1. Reveal secrets
2. git secret remove <filepath>
3. Hide secrets

Give access to user

Make sure you have obtained the GPG key from the user.

1. Reveal secrets
2. Import the obtained GPG key
3. git secret tell <email>
4. Hide secrets

Use in GitHub Actions

Simply add a job step that uses the-guild-org/secrets and provide the GPG key that has access to the secrets through the gpg-key input.

The revealed secrets will be a part of the job step's output, for example: steps.secrets.outputs.<filename>.

jobs:
  publish:
    name: Publish
    runs-on: ubuntu-latest
    steps:
      - name: The Guild Secrets
        id: secrets
        uses: the-guild-org/secrets@main
        with:
          gpg-key: ${{ secrets.GPG_KEY }}
      - name: Publish
        env:
          NPM_TOKEN: ${{ steps.secrets.outputs.NPM_TOKEN }}
        run: npm publish