Skip to main content
Secrets aren’t supposed to be read by only humans. Sometimes, even machines need to fetch and read them. But you can’t save your account password in your scripts or CI/CD pipelines, right? That’d be too dangerous. To solve this issue, envsecrets allows you to generate ephemeral read-only tokens for a specific environment. These tokens allow you to authenticate the CLI against our APIs and export your secrets securely. Use the following command: 
envs export --token [your-secure-token]

Example

Use the following sample job step in your Github Actions workflow file. 
name: envs

on:
  push:

jobs:
  run_tests:
    runs-on: ubuntu-20.04
    steps:
    - uses: actions/checkout@v2
    - name: Export Secrets
      run: |
          export CLI_VERSION=1.1.7
          wget https://github.com/envsecrets/cli/releases/download/v${CLI_VERSION}/cli_${CLI_VERSION}_linux_amd64.tar.gz
          tar -xvzf cli_${CLI_VERSION}_linux_amd64.tar.gz
          chmod +x ./envs
          ./envs export --token b38fd6ef7fd54c53f972c03fe2110ec2 >> $GITHUB_ENV
      shell: bash
    - name: Read Secrets
      run: |
          echo $API_KEY
      shell: bash
I