How to use github secrets inside a markdown file?

support
1

Hi there ! I’m using Github to host my hugo website repository.

I’m trying to use Github Secrets in a markdown page in an objective to prevent the leaking of my contacts details. Well, technically they are on my builded and online website. But I just want to prevent user from forking my website repo and making my contacts details available for ever.

And it will help me learn how to use secrets.

Anyway, I can’t see how I should write my variables on my markdown file and if I should change something in my workflow.yaml file. I can’t find any valuable information on the subject, everyone is just trying to put their auth token here, which I don’t need.

And in addition, how to allow only for forking the main branch of my repo ? Based on my understanding, if I’m using secrets on the markdown files, the builded html files inside the gh-pages branch will have my contact details and be available to people forking.

Thanks in advance !

2

There are two approachs to do that.

  1. Configuration Parameters

Hugo allows using env vars to override the configurations, HUGO_PARAMS_* for parameters.

// config.toml
[params.contact]
email = ""

Using built-in param shortcode in Markdown content

{{< param "contact.email" >}}

And override the parameter by setting HUGO_PARAMS_CONTACT_EMAIL

            - name: Build
              run: hugo --minify --gc
              env: # Or as an environment variable
                  HUGO_PARAMS_CONTACT_EMAIL: ${{ secrets.EMAIL_ADDRESS }}
                  ...
  1. Custom Env Variables

You should create a shortcode to access the env var, then you’re able to use the shortcode in Markdown content.

layouts/shortcodes/env.html

{{ getenv (.Get 0) }}

Markdown content

{{< env "EMAIL_ADDRESS" >}}

You’ll need to tweak the security settings, otherwise you’re not allowed to access the custom env vars.

// config.toml
[security.funcs]
getenv = ['^HUGO_', '^CI$', 'EMAIL_ADDRESS']
3

Thanks a lot ! In the end, this is not the solution I’ll use for this particular repo, as the build branch still gets my informations and can be forked. I ended up putting my informations on a private repo that is then linked.

But it’ll help for another one right away so thanks you very much for your time !