secrets
Creates, updates, deletes, gets or lists a secrets resource.
Overview
| Name | secrets |
| Type | Resource |
| Id | github.actions.secrets |
Fields
The following fields are returned by SELECT queries:
- get_environment_secret
- get_repo_secret
- list_environment_secrets
- get_org_secret
- list_repo_secrets
- list_org_secrets
Response
| Name | Datatype | Description |
|---|---|---|
name | string | The name of the secret. (example: SECRET_TOKEN) |
created_at | string (date-time) | |
updated_at | string (date-time) |
Response
| Name | Datatype | Description |
|---|---|---|
name | string | The name of the secret. (example: SECRET_TOKEN) |
created_at | string (date-time) | |
updated_at | string (date-time) |
Response
| Name | Datatype | Description |
|---|---|---|
secrets | array | |
total_count | integer |
Response
| Name | Datatype | Description |
|---|---|---|
name | string | The name of the secret. (example: SECRET_TOKEN) |
created_at | string (date-time) | |
selected_repositories_url | string (uri) | (example: https://api.github.com/organizations/org/secrets/my_secret/repositories) |
updated_at | string (date-time) | |
visibility | string | Visibility of a secret (all, private, selected) |
Response
| Name | Datatype | Description |
|---|---|---|
secrets | array | |
total_count | integer |
Response
| Name | Datatype | Description |
|---|---|---|
secrets | array | |
total_count | integer |
Methods
The following methods are available for this resource:
| Name | Accessible by | Required Params | Optional Params | Description |
|---|---|---|---|---|
get_environment_secret | select | owner, repo, environment_name, secret_name | Gets a single environment secret without revealing its encrypted value. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
get_repo_secret | select | owner, repo, secret_name | Gets a single repository secret without revealing its encrypted value. The authenticated user must have collaborator access to the repository to use this endpoint. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
list_environment_secrets | select | owner, repo, environment_name | per_page, page | Lists all secrets available in an environment without revealing their encrypted values. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. |
get_org_secret | select | org, secret_name | Gets a single organization secret without revealing its encrypted value. The authenticated user must have collaborator access to a repository to create, update, or read secrets OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
list_repo_secrets | select | owner, repo | per_page, page | Lists all secrets available in a repository without revealing their encrypted values. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint. |
list_org_secrets | select | org | per_page, page | Lists all secrets available in an organization without revealing their encrypted values. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, the repo scope is also required. |
create_or_update_environment_secret | insert | owner, repo, environment_name, secret_name, encrypted_value, key_id | Creates or updates an environment secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
create_or_update_repo_secret | insert | owner, repo, secret_name, encrypted_value, key_id | Creates or updates a repository secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
create_or_update_org_secret | insert | org, secret_name, encrypted_value, key_id, visibility | Creates or updates an organization secret with an encrypted value. Encrypt your secret using LibSodium. For more information, see "Encrypting secrets for the REST API." Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
delete_environment_secret | delete | owner, repo, environment_name, secret_name | Deletes a secret in an environment using the secret name. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
delete_repo_secret | delete | owner, repo, secret_name | Deletes a secret in a repository using the secret name. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. | |
delete_org_secret | delete | org, secret_name | Deletes a secret in an organization using the secret name. Authenticated users must have collaborator access to a repository to create, update, or read secrets. OAuth tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
| Name | Datatype | Description |
|---|---|---|
environment_name | string | The name of the environment. The name must be URL encoded. For example, any slashes in the name must be replaced with %2F. |
org | string | The organization name. The name is not case sensitive. |
owner | string | The account owner of the repository. The name is not case sensitive. |
repo | string | The name of the repository without the .git extension. The name is not case sensitive. |
secret_name | string | The name of the secret. |
page | integer | The page number of the results to fetch. For more information, see "Using pagination in the REST API." |
per_page | integer | The number of results per page (max 100). For more information, see "Using pagination in the REST API." |
SELECT examples
- get_environment_secret
- get_repo_secret
- list_environment_secrets
- get_org_secret
- list_repo_secrets
- list_org_secrets
Gets a single environment secret without revealing its encrypted value.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
name,
created_at,
updated_at
FROM github.actions.secrets
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND environment_name = '{{ environment_name }}' -- required
AND secret_name = '{{ secret_name }}' -- required
;
Gets a single repository secret without revealing its encrypted value.
The authenticated user must have collaborator access to the repository to use this endpoint.
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
name,
created_at,
updated_at
FROM github.actions.secrets
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND secret_name = '{{ secret_name }}' -- required
;
Lists all secrets available in an environment without revealing their
encrypted values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
secrets,
total_count
FROM github.actions.secrets
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND environment_name = '{{ environment_name }}' -- required
AND per_page = '{{ per_page }}'
AND page = '{{ page }}'
;
Gets a single organization secret without revealing its encrypted value.
The authenticated user must have collaborator access to a repository to create, update, or read secrets
OAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
name,
created_at,
selected_repositories_url,
updated_at,
visibility
FROM github.actions.secrets
WHERE org = '{{ org }}' -- required
AND secret_name = '{{ secret_name }}' -- required
;
Lists all secrets available in a repository without revealing their encrypted
values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the repo scope to use this endpoint.
SELECT
secrets,
total_count
FROM github.actions.secrets
WHERE owner = '{{ owner }}' -- required
AND repo = '{{ repo }}' -- required
AND per_page = '{{ per_page }}'
AND page = '{{ page }}'
;
Lists all secrets available in an organization without revealing their
encrypted values.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth app tokens and personal access tokens (classic) need the admin:org scope to use this endpoint. If the repository is private, the repo scope is also required.
SELECT
secrets,
total_count
FROM github.actions.secrets
WHERE org = '{{ org }}' -- required
AND per_page = '{{ per_page }}'
AND page = '{{ page }}'
;
INSERT examples
- create_or_update_environment_secret
- create_or_update_repo_secret
- create_or_update_org_secret
- Manifest
Creates or updates an environment secret with an encrypted value. Encrypt your secret using
LibSodium. For more information, see "Encrypting secrets for the REST API."
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
INSERT INTO github.actions.secrets (
encrypted_value,
key_id,
owner,
repo,
environment_name,
secret_name
)
SELECT
'{{ encrypted_value }}' /* required */,
'{{ key_id }}' /* required */,
'{{ owner }}',
'{{ repo }}',
'{{ environment_name }}',
'{{ secret_name }}'
;
Creates or updates a repository secret with an encrypted value. Encrypt your secret using
LibSodium. For more information, see "Encrypting secrets for the REST API."
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
INSERT INTO github.actions.secrets (
encrypted_value,
key_id,
owner,
repo,
secret_name
)
SELECT
'{{ encrypted_value }}' /* required */,
'{{ key_id }}' /* required */,
'{{ owner }}',
'{{ repo }}',
'{{ secret_name }}'
;
Creates or updates an organization secret with an encrypted value. Encrypt your secret using
LibSodium. For more information, see "Encrypting secrets for the REST API."
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
INSERT INTO github.actions.secrets (
encrypted_value,
key_id,
visibility,
selected_repository_ids,
org,
secret_name
)
SELECT
'{{ encrypted_value }}' /* required */,
'{{ key_id }}' /* required */,
'{{ visibility }}' /* required */,
'{{ selected_repository_ids }}',
'{{ org }}',
'{{ secret_name }}'
;
# Description fields are for documentation purposes
- name: secrets
props:
- name: owner
value: "{{ owner }}"
description: Required parameter for the secrets resource.
- name: repo
value: "{{ repo }}"
description: Required parameter for the secrets resource.
- name: environment_name
value: "{{ environment_name }}"
description: Required parameter for the secrets resource.
- name: secret_name
value: "{{ secret_name }}"
description: Required parameter for the secrets resource.
- name: org
value: "{{ org }}"
description: Required parameter for the secrets resource.
- name: encrypted_value
value: "{{ encrypted_value }}"
description: |
Value for your secret, encrypted with [LibSodium](https://libsodium.gitbook.io/doc/bindings_for_other_languages) using the public key retrieved from the [Get an organization public key](https://docs.github.com/rest/actions/secrets#get-an-organization-public-key) endpoint.
- name: key_id
value: "{{ key_id }}"
description: |
ID of the key you used to encrypt the secret.
- name: visibility
value: "{{ visibility }}"
description: |
Which type of organization repositories have access to the organization secret. `selected` means only the repositories specified by `selected_repository_ids` can access the secret.
valid_values: ['all', 'private', 'selected']
- name: selected_repository_ids
value:
- {{ selected_repository_ids }}
description: |
An array of repository ids that can access the organization secret. You can only provide a list of repository ids when the `visibility` is set to `selected`. You can manage the list of selected repositories using the [List selected repositories for an organization secret](https://docs.github.com/rest/actions/secrets#list-selected-repositories-for-an-organization-secret), [Set selected repositories for an organization secret](https://docs.github.com/rest/actions/secrets#set-selected-repositories-for-an-organization-secret), and [Remove selected repository from an organization secret](https://docs.github.com/rest/actions/secrets#remove-selected-repository-from-an-organization-secret) endpoints.
DELETE examples
- delete_environment_secret
- delete_repo_secret
- delete_org_secret
Deletes a secret in an environment using the secret name.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
DELETE FROM github.actions.secrets
WHERE owner = '{{ owner }}' --required
AND repo = '{{ repo }}' --required
AND environment_name = '{{ environment_name }}' --required
AND secret_name = '{{ secret_name }}' --required
;
Deletes a secret in a repository using the secret name.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
DELETE FROM github.actions.secrets
WHERE owner = '{{ owner }}' --required
AND repo = '{{ repo }}' --required
AND secret_name = '{{ secret_name }}' --required
;
Deletes a secret in an organization using the secret name.
Authenticated users must have collaborator access to a repository to create, update, or read secrets.
OAuth tokens and personal access tokens (classic) need theadmin:org scope to use this endpoint. If the repository is private, OAuth tokens and personal access tokens (classic) need the repo scope to use this endpoint.
DELETE FROM github.actions.secrets
WHERE org = '{{ org }}' --required
AND secret_name = '{{ secret_name }}' --required
;