Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How to set secrets in Github Actions?

The official boilerplate code injects the npm token as follows

NODE_AUTH_TOKEN: ${{secrets.npm_token}}

How do I access and set this variable? I cant find it in the GUI.

like image 580
Souradeep Nanda Avatar asked Aug 28 '19 04:08

Souradeep Nanda


People also ask

Are GitHub Actions secrets secure?

To help prevent accidental secret disclosure, GitHub Actions automatically redact secrets printed to the log, but this is not a true security boundary because secrets can be intentionally sent to the log.

How do I set environment variables in GitHub Actions?

To set a custom environment variable, you must define it in the workflow file. The scope of a custom environment variable is limited to the element in which it is defined. You can define environment variables that are scoped for: The entire workflow, by using env at the top level of the workflow file.

How to add GitHub actions secrets for a repository?

To add GitHub Actions secrets for a repository, got to its Settings page, then select the Secrets tab, then click on the Add a new secret text button.

How do I set up a secret in GitHub?

On GitHub, navigate to the main page of the repository. Under your repository name, click Settings. In the left sidebar, click Secrets. Type a name for your secret in the "Name" input box. Type the value for your secret. Click Add secret.

How do I add a secret token to GitHub actions?

Secret tokens and GitHub Actions From the Settings tab of any repository, there’s an option to add a GitHub Actions secret. Simply provide a name for the secret and a corresponding value and click the green Add secret button.

What are encrypted secrets in GitHub actions?

Encrypted secrets allow you to store sensitive information in your organization, repository, or repository environments. Secrets are encrypted environment variables that you create in an organization, repository, or repository environment. The secrets that you create are available to use in GitHub Actions workflows.


Video Answer


3 Answers

  1. Go to your project in Github
  2. Select the Settings tab
  3. Click the Secrets section in the left hand menu
  4. Add a new secret and provide a name (e.g. npm_token) and a value.

How to add a secret

like image 131
Electric Sheep Avatar answered Oct 16 '22 18:10

Electric Sheep


In addition to the GUI, you now (January 2020) have a GitHub Actions API(!, still beta though), as announced here.

And it does include a GitHub Actions Secrets API:

Create or update an repository secret:

Creates or updates an organization secret with an encrypted value. Encrypt your secret using LibSodium.

You must authenticate using an access token with the admin:repo scope to use this endpoint.
GitHub Apps must have the secrets organization permission to use this endpoint.

PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}

Get a repository secret

Gets a single secret without revealing its encrypted value.
Anyone with write access to the repository can use this endpoint.
GitHub Apps must have the secrets permission to use this endpoint.

GET /repos/:owner/:repo/actions/secrets/:name

So the GUI is no longer the sole option: you can script and get/set an Actions secret through this new API.

like image 37
VonC Avatar answered Oct 16 '22 18:10

VonC


This page is hard to find, but it exists in the official docs here: Creating and using secrets (encrypted variables).

Copied from the docs below for convenience:

Secret names cannot include any spaces. To ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets, like JSON or encoded Git blobs.

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings. repository settings button
  3. In the left sidebar, click Secrets.
  4. Type a name for your secret in the "Name" input box.
  5. Type the value for your secret.
  6. Click Add secret.

The link above has a bit more info around using secrets as well.

like image 1
Taylor D. Edmiston Avatar answered Oct 16 '22 19:10

Taylor D. Edmiston