Skip to main content

Check out Port for yourselfย 

Create GitHub Secret

This example demonstrates how to create GitHub Secrets in your GitHub repository via Port Actions.

In this example we are using a pre-defined GitHub Action from GitHub Marketplace called Create GitHub Secret Action.

Example - Create GitHub Secretโ€‹

Follow these steps to get started:

  1. Create the following GitHub Action secrets:

    1. PERSONAL_ACCESS_TOKEN - a Classic Personal Access Token with the following scopes:

      Token Scopes

    2. PORT_CLIENT_ID - Port Client ID learn more.

    3. PORT_CLIENT_SECRET - Port Client Secret learn more.

  2. Install Port's GitHub app by clicking here.

  3. Create a Port blueprint with the following properties:

tip

Keep in mind this can be any blueprint you would like and this is just an example.

{
  "identifier": "githubsecret",
  "title": "GitHubSecret",
  "icon": "Github",
  "schema": {
    "properties": {
      "secret_key": {
        "icon": "Github",
        "title": "Secret Key",
        "type": "string",
        "description": "All Uppercase",
        "pattern": "^[^a-z]*$"
      },
      "secret_value": {
        "icon": "Github",
        "title": "Secret Value",
        "type": "string"
      }
    },
    "required": ["secret_key", "secret_value"]
  },
  "mirrorProperties": {},
  "calculationProperties": {},
  "relations": {}
}
  1. Create a Port action using the following JSON definition:
Port Action (click to expand)
Modification Required

Make sure to replace the placeholders for <GITHUB_ORG_NAME> and <GITHUB_REPO_NAME> in your Port Action to match your GitHub environment.

{
  "identifier": "create_git_hub_secret",
  "title": "Create GitHub Secret",
  "icon": "Github",
  "description": "Creates a GitHub secret in my repository",
  "trigger": {
    "type": "self-service",
    "operation": "CREATE",
    "userInputs": {
      "properties": {
        "secret_key": {
          "icon": "DefaultProperty",
          "title": "Secret Key",
          "type": "string",
          "pattern": "^[^a-z]*$"
        },
        "secret_value": {
          "icon": "DefaultProperty",
          "title": "Secret Value",
          "type": "string",
          "encryption": "aes256-gcm"
        }
      },
      "required": [
        "secret_key",
        "secret_value"
      ],
      "order": [
        "secret_key",
        "secret_value"
      ]
    },
    "blueprintIdentifier": "githubsecret"
  },
  "invocationMethod": {
    "type": "GITHUB",
    "org": "<GITHUB_ORG_NAME>",
    "repo": "<GITHUB_REPO_NAME>",
    "workflow": "create-repo-secret.yml",
    "workflowInputs": {
      "secret_key": "{{ .inputs.\"secret_key\" }}",
      "secret_value": "{{ .inputs.\"secret_value\" }}",
      "port_context": {
        "entity": "{{.entity}}",
        "blueprint": "{{.action.blueprint}}",
        "runId": "{{.run.id}}",
        "trigger": "{{ .trigger }}"
      }
    },
    "reportWorkflowStatus": true
  },
  "requiredApproval": false
}
  1. Create a workflow file under .github/workflows/create-repo-secret.yml with the following content:
GitHub Workflow (click to expand)
name: Create Repository Secret

on:
  workflow_dispatch:
    inputs:
      secret_key:
        type: string
        description: Name of the secret's key
      secret_value:
        type: string
        description: value of the secret
      port_context:
        required: false
        description:
          Who triggered the action and general context (blueprint, run id, etc...)
        type: string

jobs:
  create_secret:
    runs-on: ubuntu-latest
    steps:
      - name: Mask secret value
        run: echo "::add-mask::${{ inputs.secret_value }}"

      - uses: gliech/create-github-secret-action@v1
        with:
          name: ${{ inputs.secret_key }}
          value: ${{ inputs.secret_value }}
          pa_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

      - name: Mask secret key
        run: echo "::add-mask::${{ inputs.secret_key }}"

      - name: UPSERT Entity
        uses: port-labs/port-github-action@v1
        with:
          identifier: ${{ inputs.secret_key }}
          title: ${{ inputs.secret_key }}
          team: "[]"
          icon: DefaultBlueprint
          blueprint: ${{ fromJson(inputs.port_context).blueprint }}
          properties: |-
            {
              "secret_key": "${{ inputs.secret_key }}",
              "secret_value": "${{ inputs.secret_value }}"
            }
          relations: "{}"
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          baseUrl: https://api.getport.io
          operation: UPSERT
          runId: ${{ fromJson(inputs.port_context).runId }}

      - name: Inform completion of request to create secret in Port
        uses: port-labs/port-github-action@v1
        with:
          clientId: ${{ secrets.PORT_CLIENT_ID }}
          clientSecret: ${{ secrets.PORT_CLIENT_SECRET }}
          baseUrl: https://api.getport.io
          operation: PATCH_RUN
          status: "SUCCESS"
          runId: ${{fromJson(inputs.port_context).runId}}
          logMessage: "Created github secret ${{ github.event.inputs.secret_key }}"
  1. Trigger the action from the Self-service tab of your Port application.