Hiding Keys / Github Secrets


I am trying to hide secret keys (for access to MongoDB and S3) in a script. I would like to make use of Github Secrets or something similar. Does anyone have experience with setting hub Github Secrets / Actions and could you explain me how to do it?

Kind regards,

Hi Jan,

Within VIKTOR apps you can use the environment variable VIKTOR_APP_SECRET for secrets. At the moment the implementation in the product contains the following limitations you should be aware of:

  • there is only one variable. if you need multiple you can concatenate them with a known separator
  • it is not possible yet to self-service this secret in a published app. this means you need to communicate the value to us by sending a mail to support@viktor.ai. Please don’t send it plaintext in the body of the email. You can use a service like https://wormhole.app/ to send the secret and make sure it can only be downloaded once.


  • during development: you can use the commandline option --env to provide environment variables
  • during publishing: the environment variable are not a part of the deployment
  • after publishing: configure on the app by as (as described above)

I hope the above helps

1 Like