CI/CD Integration

You can easily setup keystone to work with your current CI/CD pipelines using ks ci add. Read on to configure the supported services.

GitHub actions

To integrate Keystone with GitHub actions you will need a Personal Access Token with repo access. See GitHub’s documentation on Creating a personal access tokens.


To setup and send your secrets to your repo type the following command:

ks ci add

You’ll be asked the repo URL, and the Personal Access Token.

Update secrets and files on GitHub repo

ks ci send --env prod

This will creates secrets on GitHub’s side to be use by the Keystone GitHub action.

Add the Keystone GitHub action to your workflow

In your workflow file, after the checkout action add the following step:

 - name: Load Secrets
        uses: wearedevx/keystone-action
        id: load_secrets
          keystone_slot_1: ${{ secrets.KEYSTONE_PROD_SLOT_1 }}
          keystone_slot_2: ${{ secrets.KEYSTONE_PROD_SLOT_2 }}
          keystone_slot_3: ${{ secrets.KEYSTONE_PROD_SLOT_3 }}
          keystone_slot_4: ${{ secrets.KEYSTONE_PROD_SLOT_4 }}
          keystone_slot_5: ${{ secrets.KEYSTONE_PROD_SLOT_5 }}

This will load all secrets as environment variables and can be used as such in scripts, or via ${{ env.SECRET_NAME }}.

Files managed by Keystone are written to the job’s container disk and are accessible under the same path you used when adding them to Keystone.

Edit this page on GitHub