Github Apps to add secrets

Can Github Apps API add secrets to repos to be used in Github Actions? It doesn’t appear to be listed but would be tremendously helpful. 

It is also not yet in the REST v3 Repositories API so even users can’t do it with their personal access tokens. 

Is this in the timeline soon and am I missing anything? Thanks so much in advance!

55 Likes

No, it isn’t currently possible to add secrets using either the REST or GraphQL API. I can’t make any promises as to when or if it will be added, but I’ll pass along the feedback to the team.

Thanks for reaching out.

11 Likes

+1 on this. We want to be able to update the secret with short-TTL temporary credentials to limit exposure due to unintended disclosure. The ability to automatically update / rotate secrets is a must.

6 Likes

+1 for this. We require this capability to automate secret rotation. 

7 Likes

Same here, having an API that allows us to add secrets would be really key for us.

5 Likes

We definitely need this, without this we cannot use Github Actions (we have workflows that we MUST dynamically generate the secrets and upload to Github, we cannot do this operation manually through UI). Is there a timeline or workaround?

4 Likes

Any update on this? Pretty surprising the API doesn’t have endpoints for this.

2 Likes

Hi all,

We’re working on building this for you all now. I don’t have a date yet for when it will ship. Will announce on the change log when available.

23 Likes

Thank you @mscoutermarsh!

Thanks! That will be really useful for us.

any update on this?

2 Likes

+1. 

It will be really useful

Soon :).

Keep an eye on https://twitter.com/ghchangelog.

1 Like

Update: this is now available :slight_smile:

https://developer.github.com/v3/actions/secrets/

5 Likes

We have written a tool to track secrets usage and provide a way for centralized rotation: https://github.com/webfactory/secret-spreader

It is based on the brand-new (beta) GitHub API for Actions. See the README over at the repo for full details.

Feedback is very much appreciated!

Awesome work!

With this API I have written a CLI tool, to quickly rotate all my github action’s AWS credentials.

https://github.com/blacha/github-secret-rotate