From b0eee6d140df16add265bf66a960ef2419c83330 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Tue, 16 Dec 2025 12:42:02 +0000 Subject: [PATCH 1/4] Update secrets advice. --- README.md | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 07761bd..2b098ba 100644 --- a/README.md +++ b/README.md @@ -36,17 +36,20 @@ Python >= 3.9 or Docker ## Configuration -Provide a GitHub token for an account that is entitled to use [GitHub Models](https://models.github.ai) via the `AI_API_TOKEN` environment variable. Further configuration is use case dependent, i.e. pending which MCP servers you'd like to use in your taskflows. +Provide a GitHub token for an account that is entitled to use [GitHub Models](https://models.github.ai) via the `AI_API_TOKEN` environment variable. Further configuration is use case dependent, i.e. pending which MCP servers you'd like to use in your taskflows. In a terminal, you can add `AI_API_TOKEN` to the environment like this: -You can set persisting environment variables via an `.env` file in the project root. +```sh +export AI_API_TOKEN= +``` + +Or, if you are using GitHub Codespaces, then you can [add a codespace secret](https://github.com/settings/codespaces/secrets/new) so that `AI_API_TOKEN` is always available in your codespace. + +We do not recommend storing secrets on disk, but you can persist non-sensitive environment variables by adding a `.env` file in the project root. Example: ```sh -# Tokens -AI_API_TOKEN= # MCP configs -GH_TOKEN= CODEQL_DBS_BASE_PATH="/app/my_data/codeql_databases" AI_API_ENDPOINT="https://models.github.ai/inference" ``` From 55ad1dde2198a9553f54389fad8568155bbba591 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Tue, 16 Dec 2025 12:42:44 +0000 Subject: [PATCH 2/4] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 2b098ba..0f921ee 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Provide a GitHub token for an account that is entitled to use [GitHub Models](ht export AI_API_TOKEN= ``` -Or, if you are using GitHub Codespaces, then you can [add a codespace secret](https://github.com/settings/codespaces/secrets/new) so that `AI_API_TOKEN` is always available in your codespace. +Or, if you are using GitHub Codespaces, then you can [add a codespace secret](https://github.com/settings/codespaces/secrets/new) so that `AI_API_TOKEN` is automatically available when working in a codespace. We do not recommend storing secrets on disk, but you can persist non-sensitive environment variables by adding a `.env` file in the project root. From 96bc382b5e095d6dd5f8ef7935bf641411bdf325 Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Tue, 16 Dec 2025 12:59:18 +0000 Subject: [PATCH 3/4] Update README.md Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 0f921ee..86458d0 100644 --- a/README.md +++ b/README.md @@ -42,7 +42,7 @@ Provide a GitHub token for an account that is entitled to use [GitHub Models](ht export AI_API_TOKEN= ``` -Or, if you are using GitHub Codespaces, then you can [add a codespace secret](https://github.com/settings/codespaces/secrets/new) so that `AI_API_TOKEN` is automatically available when working in a codespace. +Or, if you are using GitHub Codespaces, then you can [add a Codespace secret](https://github.com/settings/codespaces/secrets/new) so that `AI_API_TOKEN` is automatically available when working in a Codespace. We do not recommend storing secrets on disk, but you can persist non-sensitive environment variables by adding a `.env` file in the project root. From 332d9e4c0bc7fb13aa0f4299fa0aa390532a8d0b Mon Sep 17 00:00:00 2001 From: Kevin Backhouse Date: Tue, 16 Dec 2025 15:09:47 +0000 Subject: [PATCH 4/4] Add comment about GH_TOKEN. --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 86458d0..2730a71 100644 --- a/README.md +++ b/README.md @@ -44,6 +44,12 @@ export AI_API_TOKEN= Or, if you are using GitHub Codespaces, then you can [add a Codespace secret](https://github.com/settings/codespaces/secrets/new) so that `AI_API_TOKEN` is automatically available when working in a Codespace. +Many of the MCP servers in the [seclab-taskflow](https://github.com/GitHubSecurityLab/seclab-taskflows) repo also need an environment variable named `GH_TOKEN` for accessing the GitHub API. You can use two separate PATs if you want, or you can use one PAT for both purposes, like this: + +```sh +export GH_TOKEN=$AI_API_TOKEN +``` + We do not recommend storing secrets on disk, but you can persist non-sensitive environment variables by adding a `.env` file in the project root. Example: