0

Github security does not allow storing Private Access Token in ClearTextPassword property of nuget.config. Basically, they disable the PAT. My question is, will the tag replacement of ${{ secrets.NuGetAPIKey }} take care of nuget.config also?

Note that without username & password in nuget.config, I couldn't publish my package to GitHub package (There is a tracking bug in GitHub for this).

frosty
  • 2,421
  • 6
  • 26
  • 47

1 Answers1

1

Github replaces secrets only in the directory .github/workflows. I had a similar kind of requirement when I need to deploy the app on server using some keys. It's better to use environment variables with env tag in yaml. Refer the last deploy section of this public gist

Lavish
  • 642
  • 7
  • 12