Secrets

Information about the secrets used by this project.

GitHub

GitHub secrets are set in the settings of the repository for use by GitHub Actions.

Environment Secrets

Secrets specific to the repository, specific to a single environment.

DEPLOY_AWS_ACCESS_KEY_ID: AWS Access Key for the IAM user used to deploy infrastructure to accounts. This is not the user used when running tests but for deploying infrastructure used by tests (including the IAM user running the tests).

DEPLOY_AWS_SECRET_ACCESS_KEY: AWS Secret Access Key for the IAM user used to deploy infrastructure to accounts. This is not the user used when running tests but for deploying infrastructure used by tests (including the IAM user running the tests).

Repository Secrets

Secrets specific to the repository, available to all environments.

AWS_ACCESS_KEY: AWS Access Key for the IAM user used to publish artifacts to S3. This IAM user exists in the public AWS account.

AWS_SECRET_KEY: AWS Secret Access Key for the IAM user used to publish artifacts to S3. This IAM user exists in the public AWS account.

NPM_API_TOKEN: API access token used to publish Runway to NPM.

PYPI_PASSWORD: API token used to publish Runway to PyPi. This should be scoped to only the Runway project.

TEST_PYPI_PASSWORD: Similar to PYPI_PASSWORD but for https://test.pypi.org/.

TEST_RUNNER_AWS_ACCESS_KEY_ID: AWS Access Key for the IAM user used to run tests.

TEST_RUNNER_AWS_SECRET_ACCESS_KEY: AWS Secret Access Key for the IAM user used to run tests.

ReadTheDocs

Secrets are set as environment variables for ReadTheDocs to use when building documentation.

SPHINX_GITHUB_CHANGELOG_TOKEN: Used by sphinx-github-changelog to generate a changelog for GitHub Releases. The GitHub personal access token scope only needs to include repo.public_repo.