How to handle build secrets?

How should build secrets be handled? To be more specific I use a private npm repository for which I need to provide an auth token. I don’t see a way thats not involving pushing the token to the underlying git repo.
Does anyone have experience regarding this?

Thank you! :slight_smile:

There are 2 options, but both are not available yet:

  • secret-store in PANTARIS
  • pre-build docker-images and push them to your registry. Reference those images on PANTARIS

In the meanwhile, there might be a work-around, depending on your setup and where you use them (e.g. just in a frontend):

  • build the js code in your pipeline (gh actions, jenkins, etc)
  • let the pipline push the already built artifacts (e.g. html/css/js dist for a nginx) to the PANTARIS git-repo