2

Background

GitHub allows you to store Encrypted Secrets (Settings > Codespaces > Codespaces secrets), which is an amazing feature. For security, secrets stored this way are never visible to you once they are stored.

However, while hacking on something new, I find that it’s useful to be able to see my secrets and other environment variables occasionally. Typically, when hacking on a local project, I’ll store my secrets in a .env file, which is kept out of source control by listing it in my .gitignore file.

Issue

I’d like to do the same with GitHub Codespaces: store a gitignore’d .env file in my Codespace that is visible only to me.

However, with GitHub Codespaces living in the cloud, it is unclear whether this .env file would be somehow visible to others.

Question

If I gitignore a .env (or any other) file in my GitHub Codespace, is that file going to be somehow visible via the Codespace to others?

Ash Ryan Arnwine
  • 1,471
  • 1
  • 11
  • 27

1 Answers1

1

I received this answer on Twitter from GitHub employee Jonathan Carter (@LostInTangent) yesterday:

The Codespaces file system isn’t visible to anyone else, including org admins for the repo the Codespace is associated with. So as long as you gitignore the .env file, you’re totally fine to use that, in addition to managed secrets.

This is the answer I was looking for.

As a helpful aside, he additionally notes in-thread:

That said, you can also use the “Codespaces: Manage User Secrets” command, to view/add/edit/delete secrets directly from VS Code. So that might provide another option for easily managing secrets from the editor?

Ash Ryan Arnwine
  • 1,471
  • 1
  • 11
  • 27