Grit workflows sometimes need to use access tokens or other secrets to access dependencies. To enable Grit to access these secrets, you can add them to the repository's settings.
Adding a secret
Navigate to the project from the projects page.
Click the Settings tab.
Give the secret a name and paste the value into the Value field.
Click the plus icon to add the secret.
Conventions and details
- Secrets are encrypted at rest and in transit.
- By convention, secret names should be uppercase, with underscores (_) separating words.
- Secret names can only contain alphanumeric characters ([a-z], [A-Z], [0-9]) or underscores (_).
- Secret names must not start with a number or include spaces.
Common secrets
NPMRC
NPM requires an access token to install private packages. You can populate the contents of the .npmrc file with a secret.
| Secret name | Secret value |
|---|---|
NPMRC | The contents of the .npmrc file. Ex. //my.registry/artifactory/api/npm/npm:_authToken=my_token |
Amazon Web Services (AWS)
Grit requires access keys to access AWS resources.
| Secret name | Secret value | Example |
|---|---|---|
AWS_ACCESS_KEY_ID | The AWS access key ID. | AKIAIOSFODNN7EXAMPLE |
AWS_SECRET_ACCESS_KEY | The AWS secret access key. | wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY |
AWS_DEFAULT_REGION | The default AWS region. | us-east-1 |
Google Cloud Platform (GCP)
Instead of sharing a service account key, you can simply grant the Grit service account access to the resources it needs.
The Grit service account is identified by the email address workflows@grit-prod-services.iam.gserviceaccount.com.
CircleCI
For Grit to inspect and heal CircleCI workflows, you need to provide a CircleCI API token.
The token you create must have the Read only scope. Both personal and project tokens are supported.
| Secret name | Secret value |
|---|---|
CIRCLECI_TOKEN | A CircleCI API token |