[Feature Request] Setting to allow secrets in PR's

Would we be allowed to have a repo-setting that allows secrets to be read in any PR. I’m thinking about forks.

Use case: private repo’s in a company/organization and the developers follow the fork-PR model. In this scenario, only approved developers have access to the private repo(s) and therefore we (the company) accepts the risks of malicious PR’s.

Cons: malicious PR’s could damage stuff.

Side note: pull_request_target currently offers this but it’s a really hard/poorly documented way to solve this issue.

Thanks kindly!

Hello - and thank you for this feedback!

Please submit your feedback via the new GitHub Feedback Discussions forum so that our product team can better track your request :slight_smile:. It’s a new thing, but we’re trying to push all product feedback to the same new area so it’s easier to find and consolidate user feedback!