Is there a recommended way to handle build secrets?

[anwarhahjjeffersongeorge]

I have some secret values that I use cargo-make to inject into a build process. I'm not sure how to get them into cargo-make properly. Right now they're just hardcoded.

This is fine for now because I'm just testing, but I'd like to know if there is a more secure recommended way. I cannot use external CI/CD tools or integrations like GitHub Actions, Secrets Vault, etc to inject into the Makefile or fetch the secrets. For this project I am limited to cargo-make tasks and whatever I can do in Rust.

I tried to extend a separate makefile with the secrets and this worked, but they are still hardcoded in that file, so I don't know if I'm any better by doing it.

Thanks

[sagiegurari]

@anwarhahjjeffersongeorge try to look at load scripts:
https://github.com/sagiegurari/cargo-make#usage-load-scripts
which allow you to load external makefile via custom code (like doing wget or whatever...)
so you could load those secrets from somewhere more secure

[anwarhahjjeffersongeorge]

Thank you!