Add Your Real GitHub Actions Secrets 🔐
Let's add Secrets for staging and production.
Adding Secrets
Use the exact names as provided. The values are hidden since they're secret, but I'll guide you on where to obtain them. Note that our CDK code generates values for each secret.
Common Variables (Yellow):
- AWS_OIDC_DEPLOY_ROLE: The role used for OIDC deployments. Value: githubOIDCDeployRole
- DB_PORT: The port on which the database is running. From CDK .env. Value: 5432
- PORT: Application port number. From CDK .env. Value: 4000
Production Variables (Green):
- PROD_AWS_ACCOUNT_ID: Get this from AWS_ACCOUNT_ID in the Production section of your CDK .env file.
- PROD_DB_HOST: Hostname for the production database.
- PROD_DB_NAME: The name of the production database.
- PROD_DB_PWD: The password for the production database.
- PROD_DB_SECRET_NAME: The name of the secret storing production database credentials.
- PROD_DB_USERNAME: The username for the production database.
  - To grab the values for DB, log in to your production account, go to Secrets Manager in the AWS Management Console, and select the secret name.
    - Click on Retrieve secret value.
    - Copy and paste each value.
    - Copy the value for PROD_DB_SECRET_NAME.
- PROD_EC2_INSTANCE_ID: The EC2 instance ID to connect to the Database.
  - Go to EC2 in the AWS Management Console.
  - Select Instances (running).
  - Copy the Instance ID.
Staging Variables (Blue):
Switch to your staging account and repeat the process.
- STAGING_AWS_ACCOUNT_ID: Get this from AWS_ACCOUNT_ID in the Staging section of your CDK .env file.
- STAGING_DB_HOST: Hostname for the staging database.
- STAGING_DB_NAME: The name of the staging database.
- STAGING_DB_PWD: The password for the staging database.
- STAGING_DB_SECRET_NAME: The name of the secret storing staging database credentials.
- STAGING_DB_USERNAME: The username for the staging database.
- STAGING_EC2_INSTANCE_ID: The EC2 instance ID for the staging environment.
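
If you would rather not copy the database values by hand, the same Secrets Manager lookup can be scripted so the values never touch the clipboard or shell history. This is an added example, not code from this guide's CDK project; it assumes the AWS CLI and GitHub CLI are installed and logged in to the right account and repository, that the secret's JSON uses the keys host, dbname, username and password, and its function names are made up for illustration.

```python
import json
import subprocess
import sys

# Assumed key names inside the Secrets Manager JSON (the layout generated
# database secrets normally use); adjust if your secret differs.
FIELD_MAP = {
    "DB_HOST": "host",
    "DB_NAME": "dbname",
    "DB_USERNAME": "username",
    "DB_PWD": "password",
}


def build_secrets(prefix, secret_name, secret_string):
    """Map one Secrets Manager SecretString to the GitHub secret names above."""
    if prefix not in ("PROD", "STAGING"):
        raise ValueError(f"unknown environment prefix: {prefix}")
    data = json.loads(secret_string)
    missing = [key for key in FIELD_MAP.values() if not data.get(key)]
    if missing:
        # Report key names only, never the values.
        raise KeyError(f"secret is missing fields: {', '.join(missing)}")
    out = {f"{prefix}_{name}": str(data[key]) for name, key in FIELD_MAP.items()}
    out[f"{prefix}_DB_SECRET_NAME"] = secret_name
    return out


def fetch_secret_string(secret_name):
    """Read the secret with the AWS CLI, using the currently active account."""
    result = subprocess.run(
        ["aws", "secretsmanager", "get-secret-value", "--secret-id", secret_name,
         "--query", "SecretString", "--output", "text"],
        check=True, capture_output=True, text=True)
    return result.stdout


def push_to_github(secrets):
    """Send each value on stdin so it never appears in argv or shell history."""
    for name, value in secrets.items():
        subprocess.run(["gh", "secret", "set", name], input=value, text=True, check=True)
        print(f"set {name}")  # print the name only, never the value


if __name__ == "__main__":
    env_prefix, name = sys.argv[1], sys.argv[2]  # e.g. PROD <secret name>
    push_to_github(build_secrets(env_prefix, name, fetch_secret_string(name)))
```

Run it once per environment, with PROD while your AWS credentials point at the production account and STAGING after switching to the staging account.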