From 3ab47016afa8804c3bc9afa69b0f3fb58d51082a Mon Sep 17 00:00:00 2001
From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com>
Date: Wed, 4 Feb 2026 10:08:30 -0800
Subject: [PATCH 1/2] add enroll secret vars

---
 .github/workflows/workflow.yml           | 7 ++++++-
 teams/dedicated-devices.yml              | 2 +-
 teams/employee-issued-mobile-devices.yml | 2 +-
 teams/it-servers.yml                     | 2 +-
 teams/personal-mobile-devices.yml        | 2 +-
 teams/workstations.yml                   | 2 +-
 6 files changed, 11 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index ed43679..380d53d 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -34,8 +34,13 @@ jobs:
         with:
           # Run GitOps in dry-run mode for pull requests.
           dry-run-only: ${{ github.event_name == 'pull_request' && 'true' || 'false' }}
-        # Add FLEET_URL and FLEET_API_TOKEN to the repository secrets.
+        # Add the environment variables below to the repository secrets.
         # In addition, specify or add secrets for all the environment variables that are mentioned in the global/team YAML files.
         env:
           FLEET_URL: ${{ secrets.FLEET_URL }}
           FLEET_API_TOKEN: ${{ secrets.FLEET_API_TOKEN }}
+          FLEET_DEDICATED_DEVICES_ENROLL_SECRET: ${{ secrets.FLEET_DEDICATED_DEVICES_ENROLL_SECRET }}
+          FLEET_EMPLOYEE_ISSUED_MOBILE_DEVICES_ENROLL_SECRET: ${{ secrets.FLEET_EMPLOYEE_ISSUED_MOBILE_DEVICES_ENROLL_SECRET }}
+          FLEET_WORKSTATIONS_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_ENROLL_SECRET }}
+          FLEET_IT_SERVERS_ENROLL_SECRET: ${{ secrets.FLEET_IT_SERVERS_ENROLL_SECRET }}
+          FLEET_PERSONAL_MOBILE_DEVICES_ENROLL_SECRET: ${{ secrets.FLEET_PERSONAL_MOBILE_DEVICES_ENROLL_SECRET }}
diff --git a/teams/dedicated-devices.yml b/teams/dedicated-devices.yml
index 849eb79..524eb25 100644
--- a/teams/dedicated-devices.yml
+++ b/teams/dedicated-devices.yml
@@ -6,4 +6,4 @@ controls:
 software:
 team_settings:
   secrets:
-    - secret: "REPLACE_WITH_ENVIRONMENT_VARIABLE_1" # Learn how: https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles#gitops
+    - secret: "$FLEET_DEDICATED_DEVICES_ENROLL_SECRET"
diff --git a/teams/employee-issued-mobile-devices.yml b/teams/employee-issued-mobile-devices.yml
index 14ba6a1..21435f1 100644
--- a/teams/employee-issued-mobile-devices.yml
+++ b/teams/employee-issued-mobile-devices.yml
@@ -6,4 +6,4 @@ controls:
 software:
 team_settings:
   secrets:
-    - secret: "REPLACE_WITH_ENVIRONMENT_VARIABLE_2" # Learn how: https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles#gitops
+    - secret: "$FLEET_EMPLOYEE_ISSUED_MOBILE_DEVICES_ENROLL_SECRET"
diff --git a/teams/it-servers.yml b/teams/it-servers.yml
index a8b928c..a6c0a31 100644
--- a/teams/it-servers.yml
+++ b/teams/it-servers.yml
@@ -6,4 +6,4 @@ controls:
 software:
 team_settings:
   secrets:
-    - secret: "REPLACE_WITH_ENVIRONMENT_VARIABLE_4" # Learn how: https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles#gitops
+    - secret: "$FLEET_IT_SERVERS_ENROLL_SECRET"
diff --git a/teams/personal-mobile-devices.yml b/teams/personal-mobile-devices.yml
index 84dc813..359eaf5 100644
--- a/teams/personal-mobile-devices.yml
+++ b/teams/personal-mobile-devices.yml
@@ -6,4 +6,4 @@ controls:
 software:
 team_settings:
   secrets:
-    - secret: "REPLACE_WITH_ENVIRONMENT_VARIABLE_3" # Learn how: https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles#gitops
+    - secret: "$FLEET_PERSONAL_MOBILE_DEVICES_ENROLL_SECRET"
\ No newline at end of file
diff --git a/teams/workstations.yml b/teams/workstations.yml
index 9fbc0d4..67eaefc 100644
--- a/teams/workstations.yml
+++ b/teams/workstations.yml
@@ -6,4 +6,4 @@ controls:
 software:
 team_settings:
   secrets:
-    - secret: "REPLACE_WITH_ENVIRONMENT_VARIABLE_5" # Learn how: https://fleetdm.com/guides/secrets-in-scripts-and-configuration-profiles#gitops
+    - secret: "$FLEET_WORKSTATIONS_ENROLL_SECRET"
\ No newline at end of file

From b4d138a58c5ce970c042fca4b42e128bfe0ff82b Mon Sep 17 00:00:00 2001
From: Brock Walters <153771548+nonpunctual@users.noreply.github.com>
Date: Wed, 4 Feb 2026 13:17:18 -0500
Subject: [PATCH 2/2] Update environment variable declarations in workflow

Rearranged environment variable declarations in workflow.
---
 .github/workflows/workflow.yml | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/workflow.yml b/.github/workflows/workflow.yml
index 380d53d..82b411b 100644
--- a/.github/workflows/workflow.yml
+++ b/.github/workflows/workflow.yml
@@ -37,10 +37,12 @@ jobs:
         # Add the environment variables below to the repository secrets.
         # In addition, specify or add secrets for all the environment variables that are mentioned in the global/team YAML files.
         env:
-          FLEET_URL: ${{ secrets.FLEET_URL }}
           FLEET_API_TOKEN: ${{ secrets.FLEET_API_TOKEN }}
           FLEET_DEDICATED_DEVICES_ENROLL_SECRET: ${{ secrets.FLEET_DEDICATED_DEVICES_ENROLL_SECRET }}
           FLEET_EMPLOYEE_ISSUED_MOBILE_DEVICES_ENROLL_SECRET: ${{ secrets.FLEET_EMPLOYEE_ISSUED_MOBILE_DEVICES_ENROLL_SECRET }}
-          FLEET_WORKSTATIONS_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_ENROLL_SECRET }}
           FLEET_IT_SERVERS_ENROLL_SECRET: ${{ secrets.FLEET_IT_SERVERS_ENROLL_SECRET }}
           FLEET_PERSONAL_MOBILE_DEVICES_ENROLL_SECRET: ${{ secrets.FLEET_PERSONAL_MOBILE_DEVICES_ENROLL_SECRET }}
+          FLEET_URL: ${{ secrets.FLEET_URL }}
+          FLEET_WORKSTATIONS_ENROLL_SECRET: ${{ secrets.FLEET_WORKSTATIONS_ENROLL_SECRET }}
+          
+