How I Open-Sourced My Secret Access Tokens from GitHub, Slack, and NPM — and Who Actually Cares
Our framework has a CI pipeline that runs npm run build
, publishes the package to NPM (npm publish
), and creates a new release on GitHub. It also sends a notification about the release to a Slack webhook for our team.
Secrets for these services were stored in our CI’s built-in Vault (we are running a self-hosted Woodpecker CI).
Recently, while moving plugins to separate repositories, I decided to try Infisical for centralized secrets management instead of the internal CI Vault. Infisical provides a self-hosted open-source solution, has a well-organized UI, and offers better access control than our CI Vault. It was important to me that I could reuse secrets across different repositories without copying them every time I created a new plugin.
Here’s what I did: