Skip to content
/ phase-secrets-fetch-action Public

A GitHub Action that securely fetches secrets from Phase Console and generates a .env file for use in workflows.

License

MIT license
0 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

anilrajrimal1/phase-secrets-fetch-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

14 Commits
LICENSE
LICENSE
 
 
README.md
README.md
 
 
action.yml
action.yml
 
 

Repository files navigation

🔐 Phase Secrets Fetch Action

GitHub release (latest by date) License: MIT

A GitHub Action that securely fetches secrets from Phase and generates a .env file for use in your workflows.

Overview

This action automates retrieving secrets from Phase and writing them to a .env file, making it easy to integrate secure environment variables into your GitHub Actions workflows.

Features

  • 🔒 Secure authentication using a Phase Service Token
  • 📥 Fetches secrets for a specified Phase environment
  • 📝 Writes secrets to a .env file for seamless use in subsequent steps
  • ⚡ Simple setup and integration with GitHub Actions

Usage

Prerequisites

  • A Phase account with configured secrets or your own Self-Hosted one.
  • A Phase Service Token with appropriate permissions

Note

Make sure you have Ubuntu-based self-hosted runner, This works on them only !

Basic Example

name: Deploy with Phase Secrets

on:
  push:
    branches: [ master ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      
      - name: Fetch Phase Secrets and generate .env
        uses: anilrajrimal1/phase-secrets-fetch-action@v1.0.5
        with:
          phase_service_token: ${{ secrets.PHASE_SERVICE_TOKEN }}
          phase_app_id: "your-phase-app-id"
          phase_env: "your-env"
          phase_host: "https://host.url.com" #Only if self-hosted, otherwise leave blank
      
      # Your .env file is now available for other steps
      - name: Run your application
        run: |
          docker compose up -d --build

Inputs

Input Description Required
phase_service_token Your Phase Service Token ✅ Yes
phase_app_id The id of your Phase application ✅ Yes
phase_env The environment (e.g., develop, staging, production) ✅ Yes
phase_host Phase host URL (only for self-hosted instances) ❌ No
output_file Path to save the .env file (default: .env) ❌ No
secrets_to_fetch Space-separated list of specific secrets to fetch ❌ No

Outputs

Output Description Value
env_file Path to the generated .env file .env

Security Notes

  • Store your PHASE_SERVICE_TOKEN as a GitHub Secret.
  • Never hardcode secrets in workflow files.
  • The action securely fetches secrets using Phase CLI.

How It Works

  1. The action installs the Phase CLI.
  2. Exports necessary environment variables for authentication.
  3. Fetches all secrets for the given application and environment.
  4. Writes them to a .env file.

Requirements

  • GitHub Actions runner with bash support

Contributing

Contributions are welcome! Feel free to submit a Pull Request.

License

This project is licensed under the MIT License - see the LICENSE file for details.

👨 Author

Anil Raj Rimal

🙏 Acknowledgements

  • Phase for providing a robust secrets management platform.

About

A GitHub Action that securely fetches secrets from Phase Console and generates a .env file for use in workflows.

Topics

security devops automation ci-cd phase secrets-management github-actions env-file

Resources

Readme

License

MIT license
Activity

Stars

0 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 6

v1.0.5 Latest
Mar 25, 2025
+ 5 releases

Packages

No packages published