DEV Community

Brian Douglas for GitHub


Environment Scoped Secrets for GitHub Action Workflows

Secrets are encrypted environment variables that you create in an organization, repository, or environment. These secrets are also available to use in GitHub Actions workflows.

GitHub uses the open-source libsodium encryption library to ensure that secrets are encrypted before they reach GitHub and remain encrypted until you use them in a workflow.

jedisct1 / libsodium

A modern, portable, easy to use crypto library.

Organization-level Secrets

For secrets stored at the organization level, you can use access policies to control which repositories can use organization secrets. Organization-level secrets let you share secrets between multiple repositories, which reduces the need to create duplicate secrets. Updating an organization secret in one location also ensures that the change takes effect in all repository workflows that use that secret.

select org level repo secrets

Repository Environment Secrets

For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until the required approvers approve.

environment based secrets

In my examples, I have a DATABASE_URL secret specifically for my staging environment.
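A workflow that uses an environment-scoped secret like this could look as follows. This is an added example, not the workflow from the original post; the workflow name, job names and `./scripts/migrate.sh` are hypothetical, and it assumes `DATABASE_URL` is defined only on the `staging` environment (no repository or organization secret with the same name).

```yaml
# Added example: names and the migrate script are hypothetical.
name: deploy-staging
on:
  push:
    branches: [main]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      # This job does not declare `environment:`, so the staging-scoped
      # DATABASE_URL is out of scope and the expression is an empty string.
      - name: Confirm the environment secret is not exposed here
        env:
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
        run: |
          if [ -n "$DATABASE_URL" ]; then
            echo "DATABASE_URL is set outside the staging environment" >&2
            exit 1
          fi

  deploy:
    needs: build
    runs-on: ubuntu-latest
    # Binding the job to the environment is what grants access to its
    # secrets. If required reviewers are configured on `staging`, the job
    # waits here until they approve.
    environment: staging
    steps:
      - uses: actions/checkout@v4
      - name: Run migrations against staging
        env:
          # Pass the secret through the step environment instead of
          # interpolating it into the script text.
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
        run: ./scripts/migrate.sh  # hypothetical script
```

Only the `deploy` job can read the secret, so build and test steps that run third-party code never see the staging database credentials.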

If you want to see this live in an action, check out this GitHub Universe talk from Chris Patterson (GitHub Action PM).

This is part of my 28 days of Actions series. To get notified of more GitHub Action tips, follow the GitHub organization right here on Dev. Learn how to build an action with Node.js.
