Environment Variables

This page documents all environment variables used in the Typper Figma Plugin Deploy action.

Required Variables

FIGMA_EMAIL

FIGMA_EMAIL
string
required
The email address used to log in to your Figma account.
Security Note: Store this value as a GitHub Secret.

FIGMA_PASSWORD

FIGMA_PASSWORD
string
required
Your Figma account password.
Security Note: Store this value as a GitHub Secret and never expose it in logs or repository files.

FIGMA_TOTP_SECRET

FIGMA_TOTP_SECRET
string
required
The TOTP secret key used for two-factor authentication.
Security Note: Store this value as a GitHub Secret. This is the base32 encoded secret provided when setting up 2FA.

Setting Up Environment Variables

In GitHub Secrets

  1. Navigate to your repository settings
  2. Go to Secrets and Variables > Actions
  3. Click “New repository secret”
  4. Add each required variable:
Name: FIGMA_EMAIL
Value: your.email@example.com

In Workflow File

Reference the secrets in your workflow file: 
jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy Figma Plugin
        uses: typper-io/figma-plugin-deploy@v1
        env:
          FIGMA_EMAIL: ${{ secrets.FIGMA_EMAIL }}
          FIGMA_PASSWORD: ${{ secrets.FIGMA_PASSWORD }}
          FIGMA_TOTP_SECRET: ${{ secrets.FIGMA_TOTP_SECRET }}

Environment Protection

Using Protected Environments

Configure environment protection rules: 
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production
    steps:
      - name: Deploy Figma Plugin
        uses: typper-io/figma-plugin-deploy@v1
        env:
          FIGMA_EMAIL: ${{ secrets.FIGMA_EMAIL }}
          FIGMA_PASSWORD: ${{ secrets.FIGMA_PASSWORD }}
          FIGMA_TOTP_SECRET: ${{ secrets.FIGMA_TOTP_SECRET }}

Environment-Specific Variables

Use different variables for different environments: 
jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'staging' }}
    steps:
      - name: Deploy Figma Plugin
        uses: typper-io/figma-plugin-deploy@v1
        env:
          FIGMA_EMAIL: ${{ secrets.FIGMA_EMAIL }}
          FIGMA_PASSWORD: ${{ secrets.FIGMA_PASSWORD }}
          FIGMA_TOTP_SECRET: ${{ secrets.FIGMA_TOTP_SECRET }}

Security Best Practices

  1. Secret Management
    • Never log secret values
    • Rotate secrets regularly
    • Use environment protection rules
  2. Access Control
    • Limit access to secrets
    • Audit secret usage
    • Use separate accounts for different environments
  3. Monitoring
    • Monitor secret usage
    • Review workflow logs
    • Set up alerts for unauthorized access

Troubleshooting

Common Issues

Security Guide

Learn about security best practices

Action Inputs

See available action inputs