Skip to content
This repository was archived by the owner on Mar 24, 2026. It is now read-only.

Commit 12ffe6c

Browse files
kzndotshkzndotsh
committed
chore: update secrets management in deployment scripts
- Modify `secrets.sh` to clarify that `QUICKBOOKS_ADMIN_KEY` should be set directly in environment files. - Update `deploy.yml` to reflect changes in secret management, marking `QUICKBOOKS_ADMIN_KEY` as environment-scoped. - Enhance comments for clarity regarding the export of secrets and non-sensitive variables. These changes improve the organization and clarity of environment variable management in the deployment process.
1 parent 3de20e8 commit 12ffe6c

File tree

2 files changed

+5
-2
lines changed

2 files changed

+5
-2
lines changed

.github/scripts/secrets.sh

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -30,6 +30,8 @@ elif [ -f .env.secrets.dev ]; then
3030
# shellcheck disable=SC1091
3131
source .env.secrets.dev 2>/dev/null
3232
fi
33+
34+
# QUICKBOOKS_ADMIN_KEY should be set directly in the environment files
3335
export CLOUDFLARE_API_TOKEN
3436

3537
# Verify wrangler authentication

.github/workflows/deploy.yml

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -65,16 +65,17 @@ jobs:
6565
.github/scripts/secrets.sh "$ENV_NAME"
6666
env:
6767
CLOUDFLARE_API_TOKEN: ${{ secrets.CLOUDFLARE_API_TOKEN }}
68-
# Export all secrets as environment variables for the script
68+
# Export all secrets as environment variables for the script (now environment-scoped)
6969
QUICKBOOKS_CLIENT_ID: ${{ secrets.QUICKBOOKS_CLIENT_ID }}
7070
QUICKBOOKS_CLIENT_SECRET: ${{ secrets.QUICKBOOKS_CLIENT_SECRET }}
7171
QUICKBOOKS_REFRESH_TOKEN: ${{ secrets.QUICKBOOKS_REFRESH_TOKEN }}
7272
QUICKBOOKS_REALM_ID: ${{ secrets.QUICKBOOKS_REALM_ID }}
73+
# Environment-specific admin key (now from environment secrets)
7374
QUICKBOOKS_ADMIN_KEY: ${{ secrets.QUICKBOOKS_ADMIN_KEY }}
7475
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
7576
MONDAY_API_KEY: ${{ secrets.MONDAY_API_KEY }}
7677
TRIGGER_SECRET_KEY: ${{ secrets.TRIGGER_SECRET_KEY }}
77-
# Variables (non-sensitive)
78+
# Variables (non-sensitive, now environment-scoped)
7879
MONDAY_BOARD_ID: ${{ vars.MONDAY_BOARD_ID }}
7980
DISCORD_WEBHOOK_URL: ${{ vars.DISCORD_WEBHOOK_URL }}
8081
QUICKBOOKS_ENVIRONMENT: ${{ vars.QUICKBOOKS_ENVIRONMENT }}

0 commit comments

Comments
 (0)