DocsSecrets
Chat-run secrets
Secrets stay in GitHub Actions. Codeq8 sees only the environment variables you explicitly map into the chat-run action step.
.github/workflows/codeq8-chat-run.yml
- name: Run Codeq8 chat bridge
uses: Codeq8/codeq8-action@v1
with:
github_token: ${{ github.token }}
env:
EXAMPLE_SERVICE_TOKEN: ${{ secrets.EXAMPLE_SERVICE_TOKEN }}Create the repository secret in GitHub under Settings -> Secrets and variables -> Actions. Then map that secret onto an environment variable in the Codeq8 chat-run step. The environment variable name is what Codeq8 sees during the run.
In this example, Codeq8 can read process.env.EXAMPLE_SERVICE_TOKEN or $EXAMPLE_SERVICE_TOKEN. The value is available only as a runtime environment variable and is not written to Codeq8 state by this workflow.
Start with the self-hosting setup guide before adding runtime secret mappings.
