Accessing secrets of custom action's repo

It seems that custom actions do not have access to any secrets when used, either from their own repository or from the repository they run in. They need all the secrets to be passed in via the parent workflow. I find this limitation rather frustrating. If I have an action that, for example, uploads to some server using a secret, I would like to have that secret stored in the repo of the action. Users of the action should not care that any secret is even used to perform some internal processing. Yet there is no access to that secret.

So the only option is to either force the user of the action to pass in the secret (which they should not care about in the first place or even know exists) or hard-code the secret in the action’s code, which is not very secure…

Is there any other option?

Hi @mv185095,

Glad to see you in the GitHub Community Forum!

To make a secret available to an action, you must set the secret as an input or environment variable in the workflow file. It’s mentioned in the official doc here.

If you’d like the action to perform some internal processing without user input, you have to make it readable to the action, either hardcoded or able to be decrypted in the action. Secrets in the action repository are not supported.
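
The supported pattern described in this answer, as an added example that is not part of the original post: a composite action declares the secret as a required input, and the calling workflow supplies it from its own repository secrets. The action name, input names, file path and upload URL are hypothetical.

```yaml
# Action repository: action.yml (composite action, hypothetical names)
name: upload-to-server
description: Uploads a file to a server using a token supplied by the caller
inputs:
  upload-token:
    description: Token used to authenticate the upload
    required: true
  file:
    description: Path of the file to upload
    required: true
runs:
  using: composite
  steps:
    - name: Upload
      shell: bash
      # Hand the values over through env rather than interpolating
      # ${{ ... }} into the script text, so they are never parsed as shell.
      env:
        UPLOAD_TOKEN: ${{ inputs.upload-token }}
        UPLOAD_FILE: ${{ inputs.file }}
      run: |
        # Secrets are not passed to runs triggered from forks, so the
        # token can arrive empty; fail closed instead of uploading unauthenticated.
        test -n "$UPLOAD_TOKEN" || { echo "upload-token is empty" >&2; exit 1; }
        curl --fail --silent --show-error \
          -H "Authorization: Bearer $UPLOAD_TOKEN" \
          -T "$UPLOAD_FILE" https://upload.example.invalid/files/
---
# Calling repository: .github/workflows/release.yml
name: release
on: push
jobs:
  upload:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: example-org/upload-action@v1   # hypothetical action reference
        with:
          # The secret lives in the calling repository's settings.
          upload-token: ${{ secrets.UPLOAD_TOKEN }}
          file: dist/app.tar.gz
```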


I will hardcode an encrypted secret in the action repo then. Thanks for the explanation.