github-action-ssh icon indicating copy to clipboard operation
github-action-ssh copied to clipboard
verified publisher icon garygrossgarten

Pass secrets to SSH command

Open alexandrubau opened this issue 4 years ago • 1 comments

How can I pass secrets to the SSH command? Running the following command doesn't output MY_SECRET as an environment variable.

Thanks

- name: Start container services
   uses: garygrossgarten/github-action-ssh@release
   env:
     MY_SECRET: ${{ secrets.MY_SECRET }}
   with:
     host: ${{ steps.tf_out.outputs.vm_ip }}
     username: terraform
     privateKey: ${{ secrets.TF_KEY }}
     command: |
       printenv

alexandrubau avatar Nov 21 '21 21:11 alexandrubau

The action environment is not exported to the ssh host. There would be grave security concerns. You can pass them yourself with something like this, because ${{}} is evaluated before passing the string to the ssh action. But be careful, this could makes the secret a part of the ssh history or visible through ps.

- name: Start container services
   uses: garygrossgarten/github-action-ssh@release
   with:
     host: ${{ steps.tf_out.outputs.vm_ip }}
     username: terraform
     privateKey: ${{ secrets.TF_KEY }}
     command: |
       MY_SECRET: ${{ secrets.MY_SECRET }}
       printenv

manuel-hegner avatar Jan 17 '22 10:01 manuel-hegner