Avoid hardcoding secrets in credentials.yml file

Hello!

Is it possible to use an external file with credentials values instead of hardcoding those values in the credentials.yml file itself?

This comes from the case of not hosting commits that contain sensitive information on GitHub, where Secrets can be created to avoid this type of case.

Also locally, I have added the configuration in credentials.yml so that requests can be made with Telegram, but this implies hardcoding the TOKEN, the VERIFY and the webhook_url. Is there a way to get these values from another file using some kind of variable?

telegram:
   access_token: "{TOKEN}"
   verify: "{BOT_NAME}"
   webhook_url: "https://{URL}/webhooks/telegram/webhook"

Regards, Raúl.

Yes,

telegram:
   access_token: "${TOKEN}"

Set the environment variable TOKEN to the secret value. You can set it in a .env file or another file based on the shell environment you are using.

Greg

Hello @stephens

Yes, this works, but it has to be without double quotes, like this. If I use quotes, the URL with the webhook and other values are not formatted correctly:

telegram:
   access_token: ${TELEGRAM_TOKEN}
   verify: ${TELEGRAM_BOT_NAME}
   webhook_url: ${TELEGRAM_WEBHOOK}

I have then created an .env file with the following:

export TELEGRAM_TOKEN=value
export TELEGRAM_BOT_NAME=value
export TELEGRAM_WEBHOOK=value

and for rasa to get the values I have to export the secrets in the form

source env_file

This means that when executing printenv, these variables with secrets can be consulted. I don’t like that they are in the environment, but I suppose that with good security measures in the server instance it shouldn’t cause problems.

Regards, Raúl.
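
An added example, not part of the thread and not Rasa's own code: one way to narrow the printenv exposure described in the last post is to load the env file in a subshell, so the secrets reach only the launched command and never the interactive shell. The function name `run_with_secrets` and the file name `rasa.env` are hypothetical; the file is assumed to use the format shown above.

```shell
#!/bin/sh
# Added example. run_with_secrets and rasa.env are hypothetical names.
# Usage: run_with_secrets ./rasa.env rasa run

run_with_secrets() {
    env_file=$1
    shift

    # "." searches PATH for names without a slash, so anchor bare names.
    case $env_file in
        */*) ;;
        *) env_file=./$env_file ;;
    esac

    [ -f "$env_file" ] || { echo "missing $env_file" >&2; return 2; }

    # Characters 5-10 of the ls mode string are the group and other bits.
    group_other=$(ls -ld "$env_file" | cut -c5-10)
    if [ "$group_other" != "------" ]; then
        echo "refusing $env_file: chmod 600 it first" >&2
        return 3
    fi

    # Subshell: the variables exist only for the command started here.
    (
        set -a                      # export plain VAR=value lines too
        . "$env_file"
        set +a
        for name in TELEGRAM_TOKEN TELEGRAM_BOT_NAME TELEGRAM_WEBHOOK; do
            eval "value=\${$name:-}"
            [ -n "$value" ] || { echo "$name is not set" >&2; exit 4; }
        done
        exec "$@"
    )
}
```

The values are still present in the environment of the launched process, which the same user and root can read, so host access controls still matter. Listing the env file in .gitignore keeps it out of commits.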