GitHub Community
Accessing secrets of custom action's repo #25912
-
|
It seems that custom actions do not have access to any secrets when used either from their own repository or from the repository they run in. They need all the secrets to be passed in via parent workflow. I find this limiation rather frustrating. If I have an action that for example uploads to some server using a secret I would like to have that secret stored in the repo of the action. Users of the action should not care that any secrets is even used to perform some internal processing. Yet there is no access to that secret. So the only option is to either force the user of the action to pass in the secret (they should not care about in the first place or even know it exists) or hard-code the secret in the action’s code which is not very secure… Is there any other option? |
Beta Was this translation helpful? Give feedback.
Replies: 4 comments 1 reply
-
|
Hi @mv185095, Glad to see you in Github Community Forum!
If you’d like the action to perform some internal processing without user input, you have to make it readable to the action, hardcode or can be decrypted in the action, secrets in the action repository is not supported. Thanks |
Beta Was this translation helpful? Give feedback.
-
|
I will hardcode encrypted secret in the action repo then. Thanks for the explanation. |
Beta Was this translation helpful? Give feedback.
-
|
Is this still the case, two years after ? |
Beta Was this translation helpful? Give feedback.
-
|
I agree with the op. Users outside my action shouldn't now or care I am using a secret inside my action. This would be especially useful in an internal org action. |
Beta Was this translation helpful? Give feedback.
-
|
I think this is a big issue. I am creating a Custom Action for an open-source project and this action - along its entire logic - communicates with an external API that requires an Why it is not possible to have a simple solution to to make an internal secret readable from the custom action itself. This will simplify the problems I mentioned before. |
Beta Was this translation helpful? Give feedback.
Hi @mv185095,
Glad to see you in Github Community Forum!
To make a secret available to an action, you must set the secret as an input or environment variable in the workflow file.It’s mentioned in the official doc here.If you’d like the action to perform some internal processing without user input, you have to make it readable to the action, hardcode or can be decrypted in the action, secrets in the action repository is not supported.
Thanks