GitHub Actions Integration
Shield integrates seamlessly with GitHub Actions to protect your CI builds.
Basic Setup (Zero-Migration)
If your secrets are already in a .env file (e.g., created by a previous step), Shield works automatically:
- name: Run tests with protection
  run: dotset run --mode redact -- npm test
Using AWS Secrets Manager
Shield can pull secrets directly from AWS during your build. Ensure your runner has the correct IAM permissions:
- name: Run with AWS Secrets
  run: dotset run --providers aws-sm --mode redact -- npm deploy
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    AWS_REGION: us-east-1
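A complete workflow for the AWS Secrets Manager case, as an added example that is not from the Shield documentation: it replaces the long-lived access keys stored as repository secrets with short-lived credentials obtained through GitHub's OIDC provider, which `aws-actions/configure-aws-credentials` exports under the same `AWS_*` environment variable names. Assumptions: the role ARN is a placeholder, the role's policy grants read access only to the secrets this build needs, and `dotset` is already installed on the runner and reads credentials from those standard environment variables.

```yaml
name: deploy
on:
  push:
    branches: [main]

permissions:
  id-token: write   # lets the job request an OIDC token to exchange for AWS credentials
  contents: read    # checkout only; nothing else is granted to GITHUB_TOKEN

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Exchanges the OIDC token for temporary credentials and exports
      # AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_SESSION_TOKEN and AWS_REGION.
      - name: Assume build role
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder ARN: substitute the role created for this repository.
          role-to-assume: arn:aws:iam::111122223333:role/EXAMPLE-ci-secrets-read
          aws-region: us-east-1

      # Assumption: dotset is already installed on the runner
      # (the install step is not shown on this page).
      - name: Run with AWS Secrets
        run: dotset run --providers aws-sm --mode redact -- npm deploy
```

The role's trust policy should restrict the OIDC `sub` claim to this repository and branch so that other repositories cannot assume it.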
Using Native Protected Storage
If you use Shield’s native encrypted storage, provide your project key:
- name: Run with native secrets
  run: dotset run --mode redact -- npm test
  env:
    DOTSET_KEY: ${{ secrets.DOTSET_KEY }}
To initialize a project for native storage, use dotset secrets init locally before pushing.