Is there a way to limit access to a secret to a specific action? #27068
The idea is to ensure that a certain secret is only used in a specific way, which a specific custom action can guarantee. However, I cannot find a way to pass a secret to an action unless the secret is visible to the entire repo. Am I missing something? Is there some advanced secret-fu that would achieve this? If not, any plans? A comparable feature would be system credentials in Jenkins: they are not accessible by mere build scripts, only by plugins explicitly installed by the administrator.
Replies: 1 comment
stefan-wenig:
You aren’t, actions can’t access secrets unless the workflow explicitly provides them. As far as I’m aware that’s a design decision for security, so 3rd party actions can’t sneakily access secrets.
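The behaviour described in the reply, as an added example that is not part of the original thread: a workflow that hands a secret to one step only. The action names, the `deploy-key` input and the `DEPLOY_KEY` secret name are hypothetical.

```yaml
# Added example; action names, input name and secret name are hypothetical.
name: release
on: workflow_dispatch

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      # Nothing in this step's `with:` or `env:` references the secret,
      # so the workflow does not hand DEPLOY_KEY to this third-party action.
      - uses: some-vendor/build-action@v1     # hypothetical action

      # The secret is passed explicitly, as an input, to the one action
      # that is meant to use it.
      - uses: my-org/signing-action@v1        # hypothetical action
        with:
          deploy-key: ${{ secrets.DEPLOY_KEY }}

      # By contrast, a job-level or workflow-level entry such as
      #   env:
      #     DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      # would place the value in the environment of every step in scope,
      # including the third-party action above.
```

The scoping here is a choice made by whoever writes the workflow file: any step can be written to reference `secrets.DEPLOY_KEY`, which is the repo-wide visibility the question describes.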