
Add Your Real GitHub Actions Secrets 🔐

Let's add Secrets for staging and production.

Adding Secrets

Use the exact names as provided. The values are hidden since they're secret, but I'll guide you on where to obtain them. Note that our CDK code generates values for each secret.


Common Variables (Yellow):

  • AWS_OIDC_DEPLOY_ROLE: The role used for OIDC deployments.

    Value: githubOIDCDeployRole

  • DB_PORT: The port on which the database is running. From CDK .env.

    Value: 5432

  • PORT: Application port number. From CDK .env.

    Value: 4000

Production Variables (Green):

  • PROD_AWS_ACCOUNT_ID: Get this from AWS_ACCOUNT_ID in the Production section of your CDK .env file.

  • PROD_DB_HOST: Hostname for the production database.

  • PROD_DB_NAME: The name of the production database.

  • PROD_DB_PWD: The password for the production database.

  • PROD_DB_SECRET_NAME: The name of the secret storing production database credentials.

  • PROD_DB_USERNAME: The username for the production database.

    1. To get the DB values, log in to your production account, go to Secrets Manager in the AWS Management Console, and select the secret name.

    2. Click Retrieve secret value.

    3. Copy and paste each value.

    4. Copy the value for PROD_DB_SECRET_NAME.

  • PROD_EC2_INSTANCE_ID: The ID of the EC2 instance used to connect to the database.

    1. Go to EC2 in the AWS Management Console.

    2. Select Instances (running).

    3. Copy the Instance ID.

Staging Variables (Blue):

Switch to your staging account and repeat the process.

  • STAGING_AWS_ACCOUNT_ID: Get this from AWS_ACCOUNT_ID in the Staging section of your CDK .env file.
  • STAGING_DB_HOST: Hostname for the staging database.
  • STAGING_DB_NAME: The name of the staging database.
  • STAGING_DB_PWD: The password for the staging database.
  • STAGING_DB_SECRET_NAME: The name of the secret storing staging database credentials.
  • STAGING_DB_USERNAME: The username for the staging database.
  • STAGING_EC2_INSTANCE_ID: The EC2 instance ID for the staging environment.
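
Because the workflow depends on the exact names above, it helps to audit the repository once everything is entered. The script below is an added example, not part of the original guide or its CDK project: it compares the names reported by `gh secret list` with the list on this page and reports missing or misspelled entries. It assumes the GitHub CLI is installed and authenticated; the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit repository secret NAMES against the list on this page.
# Only names are read; `gh secret list` never returns secret values.

COMMON="AWS_OIDC_DEPLOY_ROLE DB_PORT PORT"
PER_ENV="AWS_ACCOUNT_ID DB_HOST DB_NAME DB_PWD DB_SECRET_NAME DB_USERNAME EC2_INSTANCE_ID"

# Print every secret name the page requires, one per line.
required_secrets() {
  for name in $COMMON; do echo "$name"; done
  for env in PROD STAGING; do
    for suffix in $PER_ENV; do echo "${env}_${suffix}"; done
  done
}

# stdin: `gh secret list` output (name is the first field).
# stdout: required names that are not configured.
missing_secrets() {
  configured=$(awk '{print $1}')
  for name in $(required_secrets); do
    printf '%s\n' "$configured" | grep -qx -- "$name" || echo "$name"
  done
}

# stdout: configured names that are not on the page's list (likely typos).
unexpected_secrets() {
  required=$(required_secrets)
  awk '{print $1}' | while read -r name; do
    [ -n "$name" ] || continue
    printf '%s\n' "$required" | grep -qx -- "$name" || echo "$name"
  done
}

# Run with --check inside the repository clone (assumes `gh auth login` is done).
if [ "${1:-}" = "--check" ]; then
  listing=$(gh secret list) || exit 2
  missing=$(printf '%s\n' "$listing" | missing_secrets)
  extra=$(printf '%s\n' "$listing" | unexpected_secrets)
  [ -z "$missing" ] || printf 'Missing:\n%s\n' "$missing"
  [ -z "$extra" ] || printf 'Not on the list (check spelling):\n%s\n' "$extra"
  [ -z "$missing" ] || exit 1
fi
```

Run it with `--check` from the repository clone; it exits non-zero when a required name is missing, so it can also gate a deployment job.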