Share secrets between repositories
Sometimes, your project is not setup as a monorepo and need to share some secrets with an other part of your application that lives in a other repository. Thankfully, Keystone projects aren’t bound to a VCS system or repo, and can be simply used accross several repositories, no matter what VCS you use.
Say you are building a CLI tool, and plan on distributing it on Homebrew.
You chose to maintain a tap, and for that reason, you now have one repositiory
for your CLI’s source code,
organisation/tool-cli, and one for your tap,
Due to the internal workings of your tool, you need to have a
secret shared between those two repositories.
You’ve already initialized a Keytone project named
tool-cli in the
and added the secret:
ks init tool-cli ks secret add WHISPER shhh
1. Copy the keystone.yaml file
In the root of your project lives the
keystone.yaml file. It contains the project id,
so if you copy that file at the root of your other repository, you’ll be able
to mirror your main project.
cp ~/projects/tool-cli/keystone.yaml ~/projects/homebrew-tap/keystone.yaml
2. Send yourself the current environment
cd ~/project/tool-cli ks env send
You’ll have to repeat that command every time you need
to update the other repo, the
homebrew-tap in our examble.
3. Update the other repo
cd ~/project/homebrew-tap ks secret
This will fetch the data you just sent yourself in the prior step, and lists the secrets with their values.
Keep CI in sync
You can add as many CI services as you want using
ks ci add.
Simply add both the
services, and set them up both with the GitHub action.
Everytime you’ll type
ks ci send, secret will be sent to all the ci services