Skip to content

Github Action that can create or update secrets in the GitHub Actions API

License

Notifications You must be signed in to change notification settings

gliech/create-github-secret-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Repository files navigation

Create GitHub Secret Action

release

This action can create or update secrets in the GitHub Actions API. It supports both repository and organization secrets in a unified input syntax.

Usage

Basic example (creates a secret in the repository where the workflow file is located):

steps:
  - uses: gliech/create-github-secret-action@v1
    with:
      name: FRONT_DOOR_PASSWORD
      value: Eternia
      pa_token: ${{ secrets.PA_TOKEN }}

Create a secret in a different repository:

steps:
  - uses: gliech/create-github-secret-action@v1
    with:
      location: horde-prime/spire-network
      name: BROADCAST_FREQUENCY
      value: ${{ secrets.JAMMING_FREQUENCY }}
      pa_token: ${{ secrets.PAT_WRONG_HORDAK }}

Create a secret in an organization:

steps:
  - uses: gliech/create-github-secret-action@v1
    with:
      location: united-states-air-force
      name: NUCLEAR_LAUNCH_CODES
      value: '00000000'
      org_visibility: all
      pa_token: ${{ secrets.PAT_STRATEGIC_AIR_COMMAND }}

Inputs

name

(Required) Name of the secret that you want to create/update.

value

(Required) Value of the secret that you want to create/update.

This action cannot mask the provided secret value in workflow logs. If you do not want the secret value to appear in the output of your workflow run, you have to mask it before you provide it to this action as input.

location

Name of a GitHub repository or organization where you want to create/update a secret. Expects the notation owner/repo for repositories. Defaults to the repository that invoked the workflow.

pa_token

(Required) Personal access token with permission to modify repository or organization secrets.

For more information on PATs see the GitHub docs article on creating a personal access token. The GitHub Secrets API requires the repo scope to modify secrets in private repositories and the public_repo scope for public repositories. It requires admin:org scope to modify secrets in an organization.

org_visibility

Only used for organization secrets. Can be set to one of 3 values:

  • all will make the secret visible to all repositories in the organization
  • private makes it visible only to repositories that are not public
  • any other input value will be interpreted as a list of comma-seperated GitHub repository IDs, which will cause the created secret to be selectively visible only from these repositories

Defaults to private.

GitHub repository IDs are not repository URLs or names. They are a number used to identify repositories on GitHub specifically. For more information see the GitHub API documentation on repositories or this question on Stack Overflow.

Outputs

status

HTTP Status Code of the request against the GitHub API that created/updated the secret.

License

This project is licensed under the terms of the MIT License