Part 2️⃣ – Personal Flow: Customizing & Securing Your Environment

[shinybrightstar]

🎯 Key Theme: 🔁 Repeatable Environment & Secure Secret Management

Last time, you tried your first Codespace and played around with a few API calls. Now, we’ll walk you through how to shape a repeatable environment and securely manage secrets.
The goal is to shift from simply getting oriented to truly personalizing your setup — by setting up a consistent environment and introducing secure secret management.
Why is this important? Because small customizations build trust, confidence, and a sense of ownership in your workflow.

---

🧠 Learning Outcomes

• Enumerate machine options & compare memory/CPU
• Manage a user-level secret (no hardcoding)
• Update an existing codespace’s machine type
• Export a codespace snapshot

🛠 Featured REST API Endpoints

🔍 Endpoints (click to open)

• List available machine types for a repository: GET /repos/{owner}/{repo}/codespaces/machines
• List machine types for a codespace: GET /user/codespaces/{codespace_name}/machines
• Update a codespace: PATCH /user/codespaces/{codespace_name}
• Export a codespace: POST /user/codespaces/{codespace_name}/exports
• Get export details: GET /user/codespaces/{codespace_name}/exports/{export_id}
• User secrets lifecycle:
  • List secrets: GET /user/codespaces/secrets
  • Get public key: GET /user/codespaces/secrets/public-key
  • Create or update secret: PUT /user/codespaces/secrets/{secret_name}
  • Delete secret: DELETE /user/codespaces/secrets/{secret_name}
  • Manage selected repositories (add/remove)

📦 Copy/Paste Friendly Snippets

# List available machine types for a repository
gh api /repos/{owner}/{repo}/codespaces/machines | jq '.machines[] | {name, memoryInGb, cpus}'

# List machine types for a specific codespace
gh api /user/codespaces/{codespace_name}/machines | jq '.'

# Update a codespace (example: change machine type)
gh api /user/codespaces/{codespace_name} -X PATCH -f machine='basicLinux32gb'

# Start an export
gh api /user/codespaces/{codespace_name}/exports -X POST

# Poll export details
gh api /user/codespaces/{codespace_name}/exports/{export_id}

# Secrets: list
gh api /user/codespaces/secrets

# Retrieve public key
gh api /user/codespaces/secrets/public-key

# Create/update a secret (requires encryption beforehand)
gh api /user/codespaces/secrets/{secret_name} -X PUT -f encrypted_value='...' -f key_id='...'

# Delete a secret
gh api /user/codespaces/secrets/{secret_name} -X DELETE

---

🧩 Micro-Tasks

• List machine types & record memory + CPU differences; choose a smaller one intentionally.
• Create or update user secret (API_TOKEN) via the public key encryption workflow.
• Verify secret availability inside codespace (echo $API_TOKEN)
• Export a codespace and fetch export details until status = completed
• Update a codespace to a different machine type & compare build time

---

⏱ 10-Minute Activity

Write a script that can:

• Fetch public key
• Encrypt a dummy secret (like “hello-world-token”)
• Create/update the secret
• List secrets to verify

🧪 Example Skeleton Script (for inspiration)

#!/usr/bin/env bash
set -euo pipefail

SECRET_NAME="DEMO_TOKEN"
PLAINTEXT="hello-world-token"

echo "Fetching public key..."
KEY_JSON=$(gh api /user/codespaces/secrets/public-key)
KEY_ID=$(echo "$KEY_JSON" | jq -r '.key_id')
PUBLIC_KEY=$(echo "$KEY_JSON" | jq -r '.key')

echo "Encrypting value..."
ENCRYPTED=$(python3 - <<'PY'
import base64, sys, nacl.encoding, nacl.public
public_key = "${PUBLIC_KEY}"
plaintext = "${PLAINTEXT}"
pk = nacl.public.PublicKey(public_key, nacl.encoding.Base64Encoder())
sealed_box = nacl.public.SealedBox(pk)
enc = sealed_box.encrypt(plaintext.encode())
print(base64.b64encode(enc).decode())
PY
)

echo "Creating/Updating secret..."
gh api /user/codespaces/secrets/${SECRET_NAME} -X PUT -f encrypted_value="$ENCRYPTED" -f key_id="$KEY_ID"

echo "Listing secrets..."
gh api /user/codespaces/secrets | jq -r '.secrets[].name' | grep -q "${SECRET_NAME}" && echo "Secret stored ✅"

Note

Requires pynacl (pip install pynacl) if run outside helper environment.

---

🔐 Security Mindset Shift

Secrets live in a scoped store—avoid placing them in devcontainer.json or committing them. The API lets you audit what exists without downloading values.

Tip

Pair secret creation with a cleanup practice (e.g., rotate or delete demo secrets after testing).

---

🛠 Troubleshooting (Add-on)

Symptom	Likely Cause	Quick Fix
401 Unauthorized	Not authenticated in CLI	gh auth login
Empty machine list	Wrong repo or permissions	Verify repo path & access
Secret not visible	Shell not reloaded / exported	Reopen terminal or `env
Export stuck	Poll interval too short	Wait 30–60s between polls
PATCH fails	Invalid machine type slug	List valid names first

---

🗣 Reflection

What’s one tiny customization (machine type, extension, secret) that made your environment feel more “yours,” and why?

✍ Quick Response Templates

• “Switching to the ___ machine type helped because ___.”
• “Adding the ___ extension reduced friction in ___.”
• “Creating a dummy secret (API_TOKEN) made me more confident about ___.”
• If you gave it a shot, even just a little, go ahead and give a thumbs up 👍

[shinybrightstar]

Hello GitHub Community! 🙂

We’re so glad you’re here! Twice a year, we check in to see how we can make this community even better for you.

We’d love your input! Our quick 5-minute survey helps us understand what’s working, what can improve, and how you like to participate. Every response is reviewed by our Community Engagement team and influences your future community experience.

⏳ Survey closes October 7, 2025—don’t miss your chance to share your thoughts!

We can't wait to hear from you! ✨
—The GitHub Community staff

P.S. Missed the last survey? Check out our insights & infographic from last time! 📊

[shinybrightstar]

Hey 👋

We’re excited to share that Part 3️⃣ – Team & Organization: Shared Standards and Access is now live!

👉 Check it out here: https://github.com/orgs/community/discussions/174467

Your voice matters and we’d love to hear from you! 🧩✨

[shinybrightstar]

Part 4️⃣ is here, and it’s all about small wins that scale.

We’re talking about the little scripts and automations that save time, reduce mess, and make your future self’s life easier.

Drop your thoughts in the comments. You might just inspire someone else (or find your next side project).

👉 Check it out here: https://github.com/orgs/community/discussions/174757