I have an application written in Node.js that I am deploying to the IBM Cloud infrastructure. Everything works great as long as I have the environment variables for the app embedded in my manifest.yml file. This isn't ideal since it keeps these secure values within my GitHub repository.
I use a .env file for my local testing and placing that in my .gitignore is great to ensure that it doesn't roll out to the Git repo, but having to place the values into my manifest really defeats the purpose.
Is there a way to ensure that my environment variables are kept between CI runs that I store on my IBM Cloud apps without resorting to storing them in the manifest?
If you are using Cloud Foundry, then I would recommend to take a look at how Cloud Foundry integrates with services. It allows to bind a service to an app, thereby making the credentials available. If you already have some services, like another database, you can utilize the concept of user-provided service. There is no need to set variables, it is managed by Cloud Foundry.
Those concepts integrate well with the Continuous Delivery service on IBM Cloud.