GitHub Actions Integration

Shield integrates seamlessly with GitHub Actions to protect your CI builds.

Basic Setup

Shield auto-detects secrets from environment variables injected by GitHub Actions:
- name: Install Shield
  run: npm install -g @dotsetlabs/cli

- name: Run tests with protection
  run: dotset shield run --mode redact -- npm test
  env:
    DATABASE_URL: ${{ secrets.DATABASE_URL }}
    API_KEY: ${{ secrets.API_KEY }}
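
A check you can run after the step above, added here as an example and not part of Shield or the dotset CLI: it scans a captured build log for the literal values of named environment variables and reports only the variable names. The helper names `leaked_vars` and `demo`, the 8-character minimum, the `[REDACTED]` marker and the log contents are assumptions constructed for illustration.

```bash
# Added example (not Shield code): confirm named secrets are absent from a log.
# Assumed CI usage, capturing the output of the step shown above:
#   dotset shield run --mode redact -- npm test 2>&1 | tee build.log
#   leaked_vars build.log DATABASE_URL API_KEY

# leaked_vars LOGFILE VAR_NAME...
# Prints the NAME (never the value) of each exported variable whose value
# occurs in LOGFILE. Returns 1 if any value was found, 0 otherwise.
leaked_vars() {
  local log name value found
  log=$1; found=0
  shift
  for name in "$@"; do
    value=$(printenv "$name") || value=
    # Skip unset or very short values; they would match unrelated text.
    [ "${#value}" -ge 8 ] || continue
    # -F matches literally, so regex characters in a secret stay inert.
    # The value goes in on stdin (-f -) to keep it out of grep's argv.
    if printf '%s\n' "$value" | grep -qF -f - -- "$log"; then
      printf '%s\n' "$name"
      found=1
    fi
  done
  return "$found"
}

# Constructed demo: fake credentials and a fake log, one line leaking API_KEY.
demo() {
  local log rc
  log=$(mktemp); rc=0
  export DATABASE_URL='postgres://app:s3cr3t-pw@db.internal:5432/app'
  export API_KEY='demo_key_0123456789abcdef'
  {
    echo 'connecting to [REDACTED]'
    echo 'auth header: Bearer demo_key_0123456789abcdef'
  } > "$log"
  leaked_vars "$log" DATABASE_URL API_KEY || rc=$?
  rm -f "$log"
  return "$rc"
}
```

When piping through `tee`, enable `pipefail` in the step's shell so a failing test run still fails the step.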

Using with .env Files

If your workflow creates a .env file from secrets, Shield picks it up automatically:
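- name: Create .env from secrets
  # Pass secrets through env so the shell never parses their contents
  env:
    DATABASE_URL: ${{ secrets.DATABASE_URL }}
    API_KEY: ${{ secrets.API_KEY }}
  run: |
    printf 'DATABASE_URL=%s\n' "$DATABASE_URL" >> .env
    printf 'API_KEY=%s\n' "$API_KEY" >> .env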

- name: Run with protection
  run: dotset shield run --mode redact -- npm test

Using AWS Secrets Manager

Shield can pull secrets directly from AWS during your build:
- name: Run with AWS Secrets
  run: dotset shield run --providers aws-sm --mode redact -- npm run deploy
  env:
    AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
    AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    AWS_REGION: us-east-1

Cloud Analytics

Link your project to track protection events:
- name: Run with analytics
  run: dotset shield run --mode redact -- npm test
  env:
    DOTSET_API_TOKEN: ${{ secrets.DOTSET_API_TOKEN }}

Create an API token in the Dotset dashboard and store it as a GitHub secret. Shield will automatically report protection events.