Workflow Secrets

Grit workflows sometimes need to use access tokens or other secrets to access dependencies. To enable Grit to access these secrets, you can add them to the repository's settings.

Adding a secret

  1. Navigate to the project from the projects page.

  2. Click the Settings tab.

  3. Give the secret a name and paste the value into the Value field.

  4. Click the plus icon to add the secret.

    Secret settings

Conventions and details

  • Secrets are encrypted at rest and in transit.
  • By convention, secret names should be uppercase, with underscores (_) separating words.
  • Secret names can only contain alphanumeric characters ([a-z], [A-Z], [0-9]) or underscores (_).
  • Secret names must not start with a number or include spaces.

Common secrets

NPMRC

NPM requires an access token to install private packages. You can populate the contents of the .npmrc file with a secret.

Secret nameSecret value
NPMRCThe contents of the .npmrc file. Ex. //my.registry/artifactory/api/npm/npm:_authToken=my_token

Amazon Web Services (AWS)

Grit requires access keys to access AWS resources.

Secret nameSecret valueExample
AWS_ACCESS_KEY_IDThe AWS access key ID.AKIAIOSFODNN7EXAMPLE
AWS_SECRET_ACCESS_KEYThe AWS secret access key.wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
AWS_DEFAULT_REGIONThe default AWS region.us-east-1

Google Cloud Platform (GCP)

Instead of sharing a service account key, you can simply grant the Grit service account access to the resources it needs.

The Grit service account is identified by the email address workflows@grit-prod-services.iam.gserviceaccount.com.