How to Create GitHub Actions Secrets, Variables, and Environments using Terraform
Sometimes, we need to generate variables or credentials with Terraform code that will be consumed by a GitHub Actions pipeline.
In this story, we will learn to use Terraform to create GitHub Secrets, Variables, and Environments in a GitHub repository; in particular, we will learn how to create:
- GitHub Repository Secrets
- GitHub Repository Variables
- GitHub Environments Secrets
- GitHub Environments Variables
- GitHub Environments
- Encrypt secrets
1. Defining the GitHub Provider
Creating GitHub secrets or variables using Terraform involves using the GitHub provider, so first, we will define the GitHub authentication variables for the GitHub Token, GitHub Owner (organization or individual user account), and GitHub Repository.
variable "github_token" {
  type        = string
  description = "GitHub personal access token"
  sensitive   = true # redact the token in plan and apply output
}
variable "github_owner" {
  type        = string
  description = "GitHub organization or individual user account to manage"
}
variable "github_repository" {
  type        = string
  description = "GitHub repository name"
}
Then, we will configure Terraform and the GitHub provider:
# Define Terraform provider
terraform {
  required_providers {
    github = {
      source  = "integrations/github"
      version = "~> 6.0"
    }
  }
}
# Configure the GitHub provider
provider "github" {
  token = var.github_token
  owner = var.github_owner
}
We create a terraform.tfvars file to set the values for the variables:
github_repository = "openai-gpt"
github_token = "ghp_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
github_owner = "kopicloud"
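Because the file above holds a live token, it should never reach version control. The following guard is an added example, not code from the article: a POSIX shell check for a Git pre-commit hook or CI step that fails when a .tfvars file contains a GitHub token. The function names and the 20-character minimum are assumptions made here.

```shell
#!/bin/sh
# Added example (not from the article): fail when a .tfvars file carries a
# GitHub token, for use in a Git pre-commit hook or a CI step.

# GitHub token prefixes: ghp_ (classic PAT), gho_, ghu_, ghs_, ghr_, and
# github_pat_ (fine-grained PAT). The minimum length of 20 is an assumption,
# chosen so that masked placeholders of realistic length are reported too.
TOKEN_RE='(gh[pousr]_[A-Za-z0-9]{20,}|github_pat_[A-Za-z0-9_]{20,})'

# scan_tfvars FILE...
# Prints "FILE:LINE: ..." for each line holding a token-shaped value (never
# the value itself). Returns 1 if anything was found, 0 otherwise.
scan_tfvars() {
  found=0
  for file in "$@"; do
    [ -f "$file" ] || continue
    for line_no in $(grep -nE "$TOKEN_RE" "$file" | cut -d: -f1); do
      echo "$file:$line_no: GitHub token in tfvars file"
      found=1
    done
  done
  return "$found"
}

# tfvars_ignored DIR
# Returns 0 when DIR/.gitignore lists terraform.tfvars or *.tfvars as an
# exact pattern. Other spellings (paths, negations) are not recognised.
tfvars_ignored() {
  grep -qE '^(\*\.tfvars|terraform\.tfvars)$' "$1/.gitignore" 2>/dev/null
}

# When called with file arguments, act as the hook body.
if [ "$#" -gt 0 ]; then
  scan_tfvars "$@" || {
    echo "Remove the token and pass it as TF_VAR_github_token instead." >&2
    exit 1
  }
fi
```

Terraform also reads the variable from the environment as TF_VAR_github_token, which keeps the token out of terraform.tfvars entirely.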
2. Creating a GitHub Personal Access Token
We need a GitHub personal access token with the repo and admin:repo_hook permissions.
We can create one from the GitHub settings: