Hands-on demo – Creating encrypted secrets in GitHub Actions

Written by

Rajnish Kumar Jha

Under the topic

Azure DevOps

Dated:

December 3, 2024

Table Of Content

Hands-on demo – Creating encrypted secrets in GitHub Actions

GitHub provides the ability to create encrypted secrets at both the repository and organization levels. These secrets are secure variables that can be used in workflows to manage sensitive data like API keys, tokens, and credentials.

1. Creating Secrets for a Repository

Steps to Add Repository Secrets

Navigate to your GitHub repository.
Click Settings > Secrets and variables > Actions.
Click New repository secret.
Provide a Name and Value (the secret) and click Add secret.

Example: Repository Secrets

Name: MY_API_KEY
Value: super-secret-api-key

2. Creating Secrets for an Organization

Steps to Add Organization Secrets

Navigate to your GitHub organization.
Click Settings > Secrets and variables > Actions.
Click New organization secret.
Provide a Name and Value and click Add secret.

Example: Organization Secrets

Name: ORG_API_KEY
Value: organization-wide-api-key

Using Secrets in GitHub Actions

Secrets created at either the repository or organization level can be accessed securely in workflows using the $GITHUB_SECRETS_NAME syntax.

Using Repository Secrets in Workflows

Example: Using Repository Secrets


xxxxxxxxxx
16
1
name: Deploy to Production
2
on:
3
  push:
4
    branches:
5
     - main
6
jobs:
7
  deploy:
8
    runs-on: ubuntu-latest
9
    steps:
10
     - name: Checkout Repository
11
        uses: actions/checkout@v3
12
     - name: Deploy Application
13
        run: ./deploy.sh
14
        env:
15
          DATABASE_URL: ${{ secrets.DATABASE_URL }}
16
          API_KEY: ${{ secrets.MY_API_KEY }}

Using Organization Secrets in Workflows

Example: Using Organization Secrets


xxxxxxxxxx
16
1
name: Deploy to Production (Organization)
2
on:
3
  push:
4
    branches:
5
     - main
6
jobs:
7
  deploy:
8
    runs-on: ubuntu-latest
9
    steps:
10
     - name: Checkout Repository
11
        uses: actions/checkout@v3
12
     - name: Deploy Application
13
        run: ./deploy.sh
14
        env:
15
          DATABASE_URL: ${{ secrets.ORG_DATABASE_URL }}
16
          API_KEY: ${{ secrets.ORG_API_KEY }}

Best Practices for Using Secrets

Scope Secrets: Restrict secrets to specific repositories or workflows for security.
Secret Rotation: Regularly update and rotate secrets to maintain security.
Use Environment Variables: Keep secrets in environment variables within your workflow for enhanced security.

Summary

By using encrypted secrets for both repositories and organizations, you ensure secure access to sensitive data in GitHub Actions workflows.

Course Navigation Learn Azure DevOps from scratch

Exploring variables in Release Pipelines in Azu…

Exploring variables in Release Pipelines in Azure DevOp…

Learn how to implement a Change Log in GitHub

Learn how to implement a Change Log in GitHub A Change …

Exploring a detailed YAML templates in Azure De…

Exploring a detailed YAML templates in Azure DevOps Azu…

Delve into the Azure Bicep

Delve into the Azure Bicep Bicep is a domain-specific l…

Tags attached to this Post

About the Author

Rajnish Kumar Jha

MCT, MCSA, MCSE, MCAD, MCPD, MCTS, MCSD

My name is Rajnish Kumar Jha. I am Technical architect on Azure Cloud and .NET since 21+ years. I’ve worked for pioneer companies and as freelance trainer/consultant helping my clients to achieve their IT goals.

I find blogging, a great way to share back what I’ve learned all through my professional journey. You are welcome to connect or share feedback/suggestion here or through an email.