Home > Mobile >  GitHub Action appleboy/ssh-action: How do I avoid that the SSH key ends up on the server?
GitHub Action appleboy/ssh-action: How do I avoid that the SSH key ends up on the server?

Time:11-08

To log in from GitHub to my external server I use/test appleboy/ssh-action. As soon as I am on the server I start a git pull to get the latest changes to the server. However, this also includes the .github/workflows folder. And in a GH action yml file is my SSH password. I would like to avoid this. But I don't know how. Somebody know how to do this?

CodePudding user response:

You should not store the password in the YAML file itself. Instead, use the GitHub Actions secrets functionality in the repository settings to store the password as a secret, and then pass it in through the environment. For example, you can pipe a secret like so:

    - run: echo $PASSWORD | my-program-here
      env:
        PASSWORD: ${{secrets.SSH_PASSWORD}}

You can see an example of how this kind of approach is use in the Git LFS release workflow.

  • Related