Create GitHub Secret

This example demonstrates how to create GitHub Secrets in your GitHub repository via Port Actions.

In this example we are using a pre-defined GitHub Action from GitHub Marketplace called Create GitHub Secret Action.

Example - Create GitHub Secret

Follow these steps to get started:

  1. Create the following GitHub Action secrets:

    1. PERSONAL_ACCESS_TOKEN - a Classic Personal Access Token with the following scopes:

      [Image: Token Scopes]

    2. PORT_CLIENT_ID - your Port Client ID.

    3. PORT_CLIENT_SECRET - your Port Client Secret.

  2. Install Port's GitHub app.

  3. Create a Port blueprint with the following properties:

Tip: this can be any blueprint you like; the one below is just an example.

{
  "identifier": "githubsecret",
  "title": "GitHubSecret",
  "icon": "Github",
  "schema": {
    "properties": {
      "secret_key": {
        "icon": "DefaultProperty",
        "title": "Secret Key",
        "type": "string",
        "description": "All Uppercase",
        "pattern": "^[^a-z]*$"
      },
      "secret_value": {
        "icon": "DefaultProperty",
        "title": "Secret Value",
        "type": "string"
      }
    },
    "required": ["secret_key", "secret_value"]
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "relations": {}
}

  4. Create a Port action using the following JSON definition:

Modification required: make sure to replace the placeholders for <GITHUB_ORG_NAME> and <GITHUB_REPO_NAME> in your Port Action to match your GitHub environment.

{
  "identifier": "service_create_github_secret",
  "title": "Create GitHub Secret",
  "icon": "Github",
  "description": "Creates a GitHub secret in my repository",
  "trigger": {
    "type": "self-service",
    "operation": "CREATE",
    "userInputs": {
      "properties": {
        "secret_key": {
          "icon": "DefaultProperty",
          "title": "Secret Key",
          "type": "string",
          "pattern": "^[^a-z]*$"
        },
        "secret_value": {
          "icon": "DefaultProperty",
          "title": "Secret Value",
          "type": "string",
          "encryption": "aes256-gcm"
        }
      },
      "required": [
        "secret_key",
        "secret_value"
      ],
      "order": [
        "secret_key",
        "secret_value"
      ]
    },
    "blueprintIdentifier": "githubsecret"
  },
  "invocationMethod": {
    "type": "GITHUB",
    "org": "<GITHUB_ORG_NAME>",
    "repo": "<GITHUB_REPO_NAME>",
    "workflow": "create-repo-secret.yml",
    "workflowInputs": {
      "{{if (.inputs | has(\"ref\")) then \"ref\" else null end}}": "{{.inputs.\"ref\"}}",
      "{{if (.inputs | has(\"secret_key\")) then \"secret_key\" else null end}}": "{{.inputs.\"secret_key\"}}",
      "{{if (.inputs | has(\"secret_value\")) then \"secret_value\" else null end}}": "{{.inputs.\"secret_value\"}}",
      "port_payload": {
        "action": "{{ .action.identifier[(\"service_\" | length):] }}",
        "resourceType": "run",
        "status": "TRIGGERED",
        "trigger": "{{ .trigger | {by, origin, at} }}",
        "context": {
          "entity": "{{.entity.identifier}}",
          "blueprint": "{{.action.blueprint}}",
          "runId": "{{.run.id}}"
        },
        "payload": {
          "entity": "{{ (if .entity == {} then null else .entity end) }}",
          "action": {
            "invocationMethod": {
              "type": "GITHUB",
              "omitPayload": false,
              "omitUserInputs": false,
              "reportWorkflowStatus": true,
              "org": "<GITHUB_ORG_NAME>",
              "repo": "<GITHUB_REPO_NAME>",
              "workflow": "create-repo-secret.yml"
            },
            "trigger": "{{.trigger.operation}}"
          },
          "properties": {
            "{{if (.inputs | has(\"secret_key\")) then \"secret_key\" else null end}}": "{{.inputs.\"secret_key\"}}",
            "{{if (.inputs | has(\"secret_value\")) then \"secret_value\" else null end}}": "{{.inputs.\"secret_value\"}}"
          },
          "censoredProperties": "{{.action.encryptedProperties}}"
        }
      }
    },
    "reportWorkflowStatus": true
  },
  "requiredApproval": false,
  "publish": true
}

  5. Create a workflow file under .github/workflows/create-repo-secret.yml with the following content:

name: Create Repository Secret

on:
  workflow_dispatch:
    inputs:
      secret_key:
        type: string
        description: Name of the secret's key
      secret_value:
        type: string
        description: value of the secret
      port_payload:
        required: false
        description:
          Port's payload, including details for who triggered the action and
          general context (blueprint, run id, etc...)
        type: string

jobs:
  create_secret:
    runs-on: ubuntu-latest
    steps:
      - uses: gliech/create-github-secret-action@v1
        with:
          name: ${{ inputs.secret_key }}
          value: ${{ inputs.secret_value }}
          pa_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

      - name: UPSERT Entity
        uses: port-labs/port-github-action@v1
        with:
          identifier: ${{ inputs.secret_key }}
          title: ${{ inputs.secret_key }}
          team: "[]"
          icon: DefaultBlueprint
          blueprint: ${{ fromJson(inputs.port_payload).context.blueprint }}
          properties: |-
            {
              "secret_key": "${{ inputs.secret_key }}",
              "secret_value": "${{ inputs.secret_value }}"
            }
          relations: "{}"
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          operation: UPSERT
          runId: ${{ fromJson(inputs.port_payload).context.runId }}

  6. Trigger the action from the Self-service tab of your Port application.
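
The secret_key pattern in the blueprint and action above, `^[^a-z]*$`, only excludes lowercase letters, so it accepts names that GitHub's secret naming rules reject (alphanumeric characters or underscores only, no leading digit, no GITHUB_ prefix) and characters that would break the JSON the workflow builds in its UPSERT step. The following is an added example, not part of Port's documentation; the stricter pattern and the sample names are assumptions constructed for illustration.

```python
import re

# Pattern copied from the blueprint and action on this page ("All Uppercase").
PAGE_PATTERN = re.compile(r"^[^a-z]*$")

# Stricter pattern (an assumption of this example, not from the page):
# uppercase letters, digits and underscores only, at least one character,
# no leading digit and no GITHUB_ prefix, following GitHub's naming rules
# for secrets while keeping the page's uppercase convention.
STRICT_PATTERN = re.compile(r"(?!GITHUB_)[A-Z_][A-Z0-9_]*")


def page_accepts(name: str) -> bool:
    """True if the page's pattern would let this secret_key through."""
    return PAGE_PATTERN.search(name) is not None


def strict_accepts(name: str) -> bool:
    """True if the name is also a valid, JSON-safe GitHub secret name."""
    return STRICT_PATTERN.fullmatch(name) is not None


def gaps(names):
    """Names the page's pattern accepts but the strict pattern rejects."""
    return [n for n in names if page_accepts(n) and not strict_accepts(n)]


# Constructed sample inputs, not taken from any real repository.
SAMPLES = [
    "DB_PASSWORD",   # valid under both patterns
    "API_KEY_2",     # valid under both patterns
    "",              # empty string matches ^[^a-z]*$
    "1ST_KEY",       # leading digit
    "MY KEY",        # space
    "GITHUB_TOKEN",  # reserved prefix
    'KEY"2',         # double quote breaks the JSON in the UPSERT step
    "db_password",   # lowercase, rejected by both
]

if __name__ == "__main__":
    for name in SAMPLES:
        print(f"{name!r:16} page={page_accepts(name)!s:6} strict={strict_accepts(name)}")
    print("accepted by the page's pattern only:", gaps(SAMPLES))
```

If you tighten the `pattern` in the blueprint and action accordingly, check it in your own Port environment first, since this example only exercises Python's regex engine.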