Create Prod Environment Secrets Environment Rules

Learn how to configure a secure, production-ready environment in GitHub with deployment protection rules, secrets, and environment variables.

In this guide you’ll cover:

  1. Creating the Production Environment
  2. Configuring Deployment Protection Rules
  3. Adding Repository Secrets
  4. Defining Environment Variables

1. Create the Production Environment

  1. Navigate to your repository’s Settings > Environments.
  2. Click New environment.
  3. Enter production as the environment name and hit Create environment.

Note

Environments let you control deployment workflows and apply protection rules per stage. For more details, see GitHub Environments.

2. Configure Deployment Protection Rules

Open the newly created production environment and apply these settings:

Rule Type           | Configuration | Description
Wait timer          | 1 minute      | Delay before deployment begins.
Required approvals  | 1             | Minimum number of reviewers.
Branch restrictions | main          | Only workflows from main can deploy.

a. Deployment Wait Timer

Set Wait timer to 1 minute to introduce a brief delay before the job starts.

b. Required Reviewers

  • Required approvals: 1
  • Reviewers: Select up to 6 team members.
  • (Optional) Disable Allow self approval to prevent deployers from approving their own workflows.

c. Branch Restrictions

Under Branch restrictions, choose only the main branch to ensure that only the approved branch can trigger production deployments.

3. Add Secrets

Store sensitive data as encrypted secrets in the production environment:

  1. In production, click New repository secret.
  2. Name: KUBECONFIG
  3. Value: Your base64-encoded kubeconfig content.
  4. Click Add secret.

Warning

Never commit raw kubeconfig files or credentials to your repository. Always use secrets to keep sensitive data secure.

4. Define Environment Variables

Specify variables your deployment workflow will consume:

Variable  | Value
namespace | production
replicas  | 5

Click Save changes to apply your configuration.


Validate Your Setup

To confirm your configuration, trigger a GitHub Actions workflow that targets the production environment. Check the Environments tab in your workflow run for applied protection rules and secrets usage.
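
A minimal workflow for this check, added here as an example and not taken from the course material. It assumes a hypothetical file name, a runner image that ships kubectl, and the KUBECONFIG secret, namespace and replicas variables exactly as defined above.

```yaml
# .github/workflows/prod-check.yml  (hypothetical file name)
name: Production environment check

on:
  workflow_dispatch:
  push:
    branches: [main]        # matches the branch restriction on the environment

permissions:
  contents: read            # least privilege for the GITHUB_TOKEN

jobs:
  verify-production:
    runs-on: ubuntu-latest
    # Binding the job to the environment is what enforces the wait timer,
    # the required approval and the branch restriction, and what makes the
    # environment's secrets and variables available to the job.
    environment: production
    env:
      NAMESPACE: ${{ vars.namespace }}
      REPLICAS: ${{ vars.replicas }}
    steps:
      - name: Write kubeconfig from the secret
        env:
          KUBECONFIG_B64: ${{ secrets.KUBECONFIG }}
        run: |
          umask 077         # file readable by the runner user only
          mkdir -p "$RUNNER_TEMP/kube"
          printf '%s' "$KUBECONFIG_B64" | base64 --decode > "$RUNNER_TEMP/kube/config"
          echo "KUBECONFIG=$RUNNER_TEMP/kube/config" >> "$GITHUB_ENV"

      - name: Confirm access and variables
        run: |
          # Values arrive through env rather than being interpolated into the script text.
          echo "namespace=$NAMESPACE replicas=$REPLICAS"
          kubectl --namespace "$NAMESPACE" get deployments   # assumes kubectl on the runner

      - name: Remove kubeconfig
        if: always()
        run: rm -f "$RUNNER_TEMP/kube/config"
```

Log masking applies to the stored secret value, not to the decoded kubeconfig, so the decoded file should never be printed in a step.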

