Codeq8 logoCodeq8
DocsSecrets

Chat-run secrets

Secrets stay in GitHub Actions. Codeq8 sees only the environment variables you explicitly map into the chat-run action step.

.github/workflows/codeq8-chat-run.yml
      - name: Run Codeq8 chat bridge
        uses: Codeq8/codeq8-action@v1
        with:
          github_token: ${{ github.token }}
        env:
          EXAMPLE_SERVICE_TOKEN: ${{ secrets.EXAMPLE_SERVICE_TOKEN }}

Create the repository secret in GitHub under Settings -> Secrets and variables -> Actions. Then map that secret onto an environment variable in the Codeq8 chat-run step. The environment variable name is what Codeq8 sees during the run.

In this example, Codeq8 can read process.env.EXAMPLE_SERVICE_TOKEN or $EXAMPLE_SERVICE_TOKEN. The value is available only as a runtime environment variable and is not written to Codeq8 state by this workflow.

Start with the self-hosting setup guide before adding runtime secret mappings.