Setting Up Flavor Files in GitHub Secrets to Use in GitHub Workflow Actions

Photo by Roman Synkevych on Unsplash

Have you ever found yourself wanting to set up a GitHub Workflow Action, but you’re hesitant because your Flavor file contains a private key? Pushing that file could risk exposing your sensitive token to the public, and that’s definitely not something you want. Luckily, there’s a reliable solution: GitHub Secrets! In this guide, we’ll explore how to securely store your Flavor file in GitHub Secrets and effortlessly access those secrets in your GitHub Workflow Action. Let’s get started and keep your private keys safe!

I’m currently setting this up for one of my Flutter projects.

I have a production.json file that contains some private keys, and I’ve made sure not to push it to the repository to keep those keys secure.

To use this file with GitHub Secrets, we first need to convert the `production.json` file to Base64. Once we have the Base64 string, we can add it to GitHub Secrets for secure access.

Converting file to Base64

Run this command from the directory where the file is located.

MAC user
base64 -i production.json > output.txt

Windows user
Open Powershell and run this command
[Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes((Get-Content -Path "production.json" -Raw))) | Set-Content -Path "output.txt"

Adding Base64 in Github Secrets

Navigate to your repository, then go to Settings > Secrets & variables > Actions. Click on “New repository secret.”

Now, simply enter the variable name ( PROD_FLAVOR_FILE ), paste the Base64 value into the text field, and click Add Secret.

Decoding Base64 in GitHub Workflow Actions

For Windows Instance

- name: Decode and save the file
  run: |
    $base64 = "${{ secrets.PROD_FLAVOR_FILE }}"
    [IO.File]::WriteAllBytes("flavors/production.json", [Convert]::FromBase64String($base64))

- name: Use the file
  run: Get-Content flavors/production.json

For Mac instance

echo ${{ secrets.PROD_FLAVOR_FILE }} | base64 -d > flavors/production.json

Now, run the pipeline. It should read the Flavor file, and the build will succeed.

You can check out the GitHub Workflow pipeline for your reference here: GitHub Workflow CI (https://github.com/Smart-Bill-Book/smart-bill-book/blob/main/.github/workflows/ci.yml).

Do you know you can press the clap👏 button 50 times? The higher you go, the more it motivates me to write more stuff for you guys!
Hello, I am Agnel Selvan. You can find me on Linkedin or stalk me on GitHub.

If you like my work or the free stuff on this website and want to say thanks or encourage me to do more, you can buy me a coffee!