Using credentials in your Makefiles

Recently while working on a project I needed a way to include secrets in my repo for local development that integrated with my Make based build setup. I found that a nice way to do this is with the include command in Make.

The include command allows you to include external files to augment your makefile. First I created a secrets.mk and declared variables in it for my API keys.

1# secrets.mk
2github_access_token := 'xxxxxxxxxxxxxxxxx'
3slack_access_token := 'xxxxxxxxxxxxxxxxx'

Then in makefile I added include secrets.mk. Don’t forget to add secrets.mk to your .gitignore!

 1include secrets.mk
 2.PHONY: dev
 3
 4dev: app
 5  GITHUB_ACCESS_TOKEN=$(github_access_token) \
 6  SLACK_ACCESS_TOKEN=$(slack_access_token) \
 7  ./app
 8
 9app:
10  go build -o app main.go

One issue with this I ran into was in my CI build I didn’t have a secrets.mk file. Make will fail if it cannot find an include file on disk or if it Make unable to find a rule to generate one. Luckily you can preprend a dash to the include statement to make it optional, so the rest of your tasks that don’t require an include will still be usable.

1-include secrets.mk

Lastly, another neat thing about using this technique is that if an include isn’t found, Make will look for a task that can generate it. I added a secrets.mk task to my makefile that creates a stub include file that can get filled out with the correct credentials if needed.

 1include secrets.mk
 2.PHONY: dev
 3
 4dev: app
 5  GITHUB_ACCESS_TOKEN=$(github_access_token) \
 6  SLACK_ACCESS_TOKEN=$(slack_access_token) \
 7  ./app
 8
 9app:
10  go build -o app main.go
11
12secrets.mk:
13  echo "github_access_token:='xxxxxxxx'" > ./secrets.mk
14  echo "slack_access_token:='xxxxxxxxx'" >> ./secrets.mk