From 36784639113e8be4ec40df2d2b9f2dd7123b28db Mon Sep 17 00:00:00 2001 From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com> Date: Mon, 14 Jul 2025 17:00:49 -0400 Subject: [PATCH 1/4] adding secret vars as demo --- .github/workflows/workflow.yml | 1 + lib/macos/scripts/secret-var-example.sh | 3 +++ 2 files changed, 4 insertions(+) create mode 100644 lib/macos/scripts/secret-var-example.sh diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml index e994789f..3e6d4e24 100644 --- a/.github/workflows/workflow.yml +++ b/.github/workflows/workflow.yml @@ -42,3 +42,4 @@ jobs: FLEET_GLOBAL_ENROLL_SECRET: ${{ secrets.FLEET_GLOBAL_ENROLL_SECRET }} FLEET_WORKSTATIONS_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_ENROLL_SECRET }} FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_CANARY_ENROLL_SECRET }} + FLEET_SECRET_EXAMPLE_PASSWORD: ${{ secrets.FLEET_SECRET_EXAMPLE_PASSWORD }} diff --git a/lib/macos/scripts/secret-var-example.sh b/lib/macos/scripts/secret-var-example.sh new file mode 100644 index 00000000..273b2b53 --- /dev/null +++ b/lib/macos/scripts/secret-var-example.sh @@ -0,0 +1,3 @@ +#!/bin/bash + +echo "$FLEET_SECRET_EXAMPLE_PASSWORD" \ No newline at end of file From 286b7e48b1363dcfd57e8d8f193bef563bb9d4b0 Mon Sep 17 00:00:00 2001 From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com> Date: Mon, 14 Jul 2025 17:10:45 -0400 Subject: [PATCH 2/4] updating readme, testing script --- README.md | 2 +- teams/workstations.yml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 938c4e8b..eb6703b1 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ This is the starter repository for using [Fleet](https://fleetdm.com) with a Git 1. Clone the [GitHub repository](https://github.com/fleetdm/fleet-gitops), create your own GitHub repository, and push your clone to your new repo. Note that a workflow will run once and fail because the required variables haven't been added (step 2 and 3). -2. Add `FLEET_URL` and `FLEET_API_TOKEN` secrets to your new repository's secrets. Learn how [here](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). [Create an API-only user](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user) with the "GitOps" role and set `FLEET_API_TOKEN` to your user's API token. If you're using Fleet Free, set the API-only user's role to global admin. +2. Add `FLEET_URL` and `FLEET_API_TOKEN` secrets to your new repository's secrets. Learn how [here](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). [Create an API-only user](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user) with the "GitOps" role and set `FLEET_API_TOKEN` to your user's API token. If you're using Fleet Free, set the API-only user's role to global admin. If you'd like to test out the functionality of secrets, define `$FLEET_SECRET_EXAMPLE_PASSWORD` in your repo. 4. If you are using secrets to manage SSO metadata for Fleet SSO login or MDM SSO login, uncomment lines 22 and 23 in `gitops.sh`. - If you are using different variable names for your secrets, edit the appropriate line to reflect the correct variable name. diff --git a/teams/workstations.yml b/teams/workstations.yml index d818561d..d9b820a3 100644 --- a/teams/workstations.yml +++ b/teams/workstations.yml 
@@ -21,6 +21,7 @@ controls: scripts: - path: ../lib/macos/scripts/remove-zoom-artifacts.script.sh - path: ../lib/macos/scripts/set-timezone.script.sh + - path: ../lib/macos/scripts/secret-var-example.sh team_settings: secrets: - secret: "$FLEET_WORKSTATIONS_ENROLL_SECRET" From ca1a1023b9a86ea6c95d351749e5aea680f7fd30 Mon Sep 17 00:00:00 2001 From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com> Date: Mon, 14 Jul 2025 17:31:48 -0400 Subject: [PATCH 3/4] update verbiage --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index eb6703b1..02a832b8 100644 --- a/README.md +++ b/README.md 
@@ -8,7 +8,7 @@ This is the starter repository for using [Fleet](https://fleetdm.com) with a Git 1. Clone the [GitHub repository](https://github.com/fleetdm/fleet-gitops), create your own GitHub repository, and push your clone to your new repo. Note that a workflow will run once and fail because the required variables haven't been added (step 2 and 3). -2. Add `FLEET_URL` and `FLEET_API_TOKEN` secrets to your new repository's secrets. Learn how [here](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). [Create an API-only user](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user) with the "GitOps" role and set `FLEET_API_TOKEN` to your user's API token. If you're using Fleet Free, set the API-only user's role to global admin. If you'd like to test out the functionality of secrets, define `$FLEET_SECRET_EXAMPLE_PASSWORD` in your repo. +2. Add `FLEET_URL` and `FLEET_API_TOKEN` secrets to your new repository's secrets. Learn how [here](https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions#creating-secrets-for-a-repository). Set `FLEET_URL` to your Fleet instance's URL (ex. https://organization.fleet.com). [Create an API-only user](https://fleetdm.com/docs/using-fleet/fleetctl-cli#create-api-only-user) with the "GitOps" role and set `FLEET_API_TOKEN` to your user's API token. If you're using Fleet Free, set the API-only user's role to global admin. If you'd like to test out the functionality of nesting secrets in scripts or config profiles, define `$FLEET_SECRET_EXAMPLE_PASSWORD` in your repository's secrets. 4. If you are using secrets to manage SSO metadata for Fleet SSO login or MDM SSO login, uncomment lines 22 and 23 in `gitops.sh`. - If you are using different variable names for your secrets, edit the appropriate line to reflect the correct variable name. 
From 8477628f044b71b2e8d7f0f74575f2ef603dff9a Mon Sep 17 00:00:00 2001 From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com> Date: Mon, 14 Jul 2025 18:51:59 -0400 Subject: [PATCH 4/4] fix spacing --- lib/macos/scripts/secret-var-example.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/macos/scripts/secret-var-example.sh b/lib/macos/scripts/secret-var-example.sh index 273b2b53..f73a2f27 100644 --- a/lib/macos/scripts/secret-var-example.sh +++ b/lib/macos/scripts/secret-var-example.sh @@ -1,3 +1,3 @@ #!/bin/bash -echo "$FLEET_SECRET_EXAMPLE_PASSWORD" \ No newline at end of file +echo "$FLEET_SECRET_EXAMPLE_PASSWORD"
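Review bot: In lib/macos/scripts/secret-var-example.sh (added in PATCH 1/4, only the trailing newline changes in 4/4), `echo "$FLEET_SECRET_EXAMPLE_PASSWORD"` writes the secret value to stdout, so the demo puts the value it is meant to protect into whatever captures the script's output. Suggest having the example consume the variable without printing it, for instance reporting only whether it is set (`[ -n "$FLEET_SECRET_EXAMPLE_PASSWORD" ] && echo "secret is set"`), and adding a comment in the script that secret values should not be echoed.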
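Review bot: In .github/workflows/workflow.yml the new `FLEET_SECRET_EXAMPLE_PASSWORD: ${{ secrets.FLEET_SECRET_EXAMPLE_PASSWORD }}` line is exported on every run, while the README change in this series presents defining that secret as optional ("If you'd like to test out the functionality..."). A repository that skips it gets an empty value here, so either state in the README what happens in that case or list the secret as required alongside the enroll secrets above it.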
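Review bot: The sentence added to README.md step 2 (final wording in PATCH 3/4) names the secret as `$FLEET_SECRET_EXAMPLE_PASSWORD` with a leading `$`, whereas the same step writes `FLEET_URL` and `FLEET_API_TOKEN` without one and the workflow reads `secrets.FLEET_SECRET_EXAMPLE_PASSWORD`. Suggest dropping the `$` where the reader is told to define the repository secret and keeping the `$` form only for references inside a script or profile. The sentence also does not point to lib/macos/scripts/secret-var-example.sh, so a reference to that file would show where the secret is consumed.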
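Review bot: In teams/workstations.yml the added entry `- path: ../lib/macos/scripts/secret-var-example.sh` does not follow the `.script.sh` suffix used by the two entries above it (`remove-zoom-artifacts.script.sh`, `set-timezone.script.sh`). Suggest renaming the file to `secret-var-example.script.sh` for consistency, and, since the README describes this as something to try out, consider whether the entry should be enabled for the workstations team by default or left for users to add.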