Accessing secret env variables during build step

[variables]
GOPRIVATE="github.com/stroomnetwork"
STROOM_REPOS_ACCESS_KEY="ghp_THIS is Secret, so I can't put it here, but it works if I do"

[phases.install]
aptPkgs = ['...', 'unzip', 'wget', 'jq']
paths = ['~/go/bin', '/usr/local/bin']

cmds = [
# to support private repo imports
'git config --global url.https://${STROOM_REPOS_ACCESS_KEY}@github.com/.insteadOf https://github.com/',
'...',
'make setup'
]
[variables]
GOPRIVATE="github.com/stroomnetwork"
STROOM_REPOS_ACCESS_KEY="ghp_THIS is Secret, so I can't put it here, but it works if I do"

[phases.install]
aptPkgs = ['...', 'unzip', 'wget', 'jq']
paths = ['~/go/bin', '/usr/local/bin']

cmds = [
# to support private repo imports
'git config --global url.https://${STROOM_REPOS_ACCESS_KEY}@github.com/.insteadOf https://github.com/',
'...',
'make setup'
]
I need to pass STROOM_REPOS_ACCESS_KEY into a build step, but it's not defined unless I put it plaintext into nixpacks.toml. However, I don't want to commit this value either
24 Replies
Percy
Percy11mo ago
Project ID: fdd52bdc-3766-40b0-9727-44e1356a5da3
caffeinum
caffeinum11mo ago
fdd52bdc-3766-40b0-9727-44e1356a5da3
Brody
Brody11mo ago
have you tried putting it in the service variables?
caffeinum
caffeinum11mo ago
do you mean [variables] section in nixpacks?
Brody
Brody11mo ago
I mean the variables section of the railway service
caffeinum
caffeinum11mo ago
what about locally though? i guess you're right, and that's not a railway feedback, more of a nixpacks feedback
Brody
Brody11mo ago
you use railway run locally still isn't feedback, these are purely questions
caffeinum
caffeinum11mo ago
so you're saying it's not possible to pass a variable into nixpacks build without exposing it plaintext in the nixpacks.toml?
Brody
Brody11mo ago
never said that
caffeinum
caffeinum11mo ago
how do i do that?
Brody
Brody11mo ago
you want to put that variable in the service variables use the service variables
caffeinum
caffeinum11mo ago
yeah, you said that
caffeinum
caffeinum11mo ago
this works on railway, but not locally
Brody
Brody11mo ago
^
caffeinum
caffeinum11mo ago
yes, i tried that now
Brody
Brody11mo ago
or you just login with github locally and you'd be authorised
caffeinum
caffeinum11mo ago
what command do you propose to do w/ railway run? i thought you meant railway run nixpacks build .
caffeinum
caffeinum11mo ago
A block has been shared!
railway run nixpacks build . ### ╔═════════════════════�...
caffeinum
caffeinum11mo ago
it doesn't work either
Brody
Brody11mo ago
whatever command needs that github token
caffeinum
caffeinum11mo ago
mm this doesn't really make sense
Brody
Brody11mo ago
I'm not sure what's confusing here so let's only focus on getting this working on railway have you placed your github token in the service variables yet
caffeinum
caffeinum11mo ago
yes, it works on railway, but i also want to be able to build the same image for testing locally the original problem is mostly fixed now, so i will close the issue but it's still not clear to me why it's not possible