🔐 How to Generate a Secure Secret
Protect your webhook with a secret handshake using OpenSSL or any crypto tool…
A secure secret is like a secret password that only your app and GitHub know. It helps your webhook listener check if incoming messages are real and safe.
Think of it like a secret handshake—if it doesn’t match, the message gets rejected!
🧭 Step-by-Step Guide
✅ Step 1: Open Your Terminal
- On Mac or Linux: Open the Terminal app
- On Windows: Open Command Prompt or PowerShell
✅ Step 2: Type This Command
openssl rand -hex 32
✅ Step 3: Copy the Output
You’ll see something like:
9f3a7c2e1b6d4a8f3c1e2a7d9b5f6c3e9a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d
✅ Step 4: Paste It into Your .env File
WEBHOOK_SECRET=9f3a7c2e1b6d4a8f3c1e2a7d9b5f6c3e9a1b2c3d4e5f6a7b8c9d0e1f2a3b4c5d
✅ Step 5: Paste the Same Secret into GitHub Webhook Settings
- Go to your GitHub repo → Settings → Webhooks
- Add or edit your webhook
- Paste the same secret into the “Secret” field
✅ Without a secure secret, anyone could pretend to be GitHub and send fake messages to your app.
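Here is how a listener can do the "secret handshake" check, as an added Python example that is not code from the original post. GitHub signs each message body with your secret (HMAC-SHA256) and sends the result in the `X-Hub-Signature-256` header; the function names below are made up for this example, and `generate_secret()` produces the same kind of value as `openssl rand -hex 32` if OpenSSL is not installed.

```python
import hashlib
import hmac
import secrets


def generate_secret(num_bytes: int = 32) -> str:
    """Same kind of value as `openssl rand -hex 32`: 32 random bytes, 64 hex characters."""
    return secrets.token_hex(num_bytes)


def sign(secret: str, body: bytes) -> str:
    """Build the header value GitHub sends: 'sha256=' + HMAC-SHA256(secret, raw body)."""
    digest = hmac.new(secret.encode("utf-8"), body, hashlib.sha256).hexdigest()
    return "sha256=" + digest


def is_from_github(secret: str, body: bytes, signature_header) -> bool:
    """Return True only if the signature header matches the raw request body."""
    if not secret:
        # An empty secret would make every signature guessable; fail loudly instead.
        raise ValueError("WEBHOOK_SECRET is empty; refusing to verify")
    if not signature_header or not signature_header.startswith("sha256="):
        return False  # header missing or in an unexpected format: reject
    expected = sign(secret, body)
    # compare_digest takes the same time whether the mismatch is early or late,
    # so a sender cannot learn the signature one character at a time.
    return hmac.compare_digest(expected.encode("utf-8"), signature_header.encode("utf-8"))


if __name__ == "__main__":
    secret = generate_secret()  # in a real app, read WEBHOOK_SECRET from the environment
    body = b'{"action":"opened"}'  # constructed sample payload, not a real delivery
    header = sign(secret, body)    # what GitHub would put in X-Hub-Signature-256

    print("genuine message:  ", is_from_github(secret, body, header))
    print("body was changed: ", is_from_github(secret, body + b" ", header))
    print("wrong secret:     ", is_from_github(generate_secret(), body, header))
    print("no header at all: ", is_from_github(secret, body, None))
```

Verify against the raw request bytes exactly as received; parsing the JSON and re-serializing it first can change the bytes and make a genuine message fail the check.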
📚 Glossary of Terms (Kid-Friendly)
| Term | Meaning |
|---|---|
| Secret | A private code only your app and GitHub know |
| OpenSSL | A tool that creates strong, random codes |
| Terminal | A place where you type commands to control your computer |
| Hexadecimal | A format for writing long codes using numbers and letters |
| .env file | A file where you store secrets and settings for your app |
| Webhook | A message GitHub sends to your app when something happens |