Can't read secrets public key of a public repository

The docs say that a repo’s public key, ie the key for encrypting secrets to be uploaded to the repo, eg for Actions, can be read by anyone who can read the repo. For a public repo, surely that’s everyone? And indeed the example in the docs shows a curl command being issued without any Authorization header.

However this doesn’t seem to work; I got a 403 forbidden.
Pick a public repo: curl -H accept:'application/vnd.github.v3+json' https://api.github.com/repos/kubernetes/kubernetes/actions/secrets/public-key

The error message is

{
  "message": "Must have admin rights to Repository.",
  "documentation_url": "https://docs.github.com/rest/reference/actions#get-a-repository-public-key"
}

so apparently not just read access but admin access. What gives?

I get the same result on a personal repo, but am able to read it when I give an access token with repo and workflow admin scopes, so there’s nothing fundamentally wrong with the repo.

1 Like