Method/ability to share secrets across multiple repositories in an Organization #26971
-
Hello! This is one part question, but (I think) more a feature request. I’ve had a lot of luck experimenting with GitHub Actions for a few things I’ve used other CI platforms for, but one thing I’ve run up against is (what I think) is the lack of an ability to centralize and share secrets.

For example — I’d like to be able to set up credentials to push static assets to S3, but I’d like to be able to not have to potentially go to 20+ different repositories and add those secrets manually. Not only would that be tedious, it’d be difficult to swap them in a single swoop if necessary.

Perhaps it would be a feature that’d only make sense for Organizations (AKA every repository in an organization that meets X criteria will be able to tap into Y secrets) because that is a natural grouping.

The use case here isn’t just laziness. 😉 I have a scenario where a new repository can get programmatically created (like, say, with a CLI tool) by a user of the Organization, who will do some work that’d eventually get compiled and deployed as a static site. Ideally it wouldn’t be up to them to also then go put in the credentials every single time they create one.

But also happy to hear any suggestions of how to solve such a thing with the current offerings! Thank you!
Replies: 18 comments
-
Organization wide secrets could definitely be useful. We’ve talked about this internally a few times. Thanks for sharing your use case, makes our jobs easier. ❤️ I don’t have a timeline for this at the moment. But can share it’s on the backlog for us to figure out.
-
+1. We have multiple repositories that consume AWS and our internal package provider API keys and currently that would mean having our Cloud Engineering team manually copy secrets into multiple repositories. The ability to share secrets on an Org level and/or the ability to set secrets through an API would be super helpful.
-
Organization-wide secrets for GitHub Actions would be a hard requirement for my organization (and I imagine a large number of others) to consider moving our Jenkins CI pipelines to GitHub Actions.
-
+1 this would be very helpful. Having to recreate the same secrets (such as AWS access key/secret) across all of our repositories would definitely be a bit of a headache to maintain.
-
Any status update on this? AppVeyor already supports this.
-
Thanks everyone. Yes, we’ll build this. No timeline to share yet.
-
Even just exposing secret creation at the API level would at least allow a way to manage secrets across many repos. Our org has nearly 100 repos and I’m dreading trying to maintain common secrets across them - or worse, worrying over secret rotation in a sane way.
-
Yes. We’re working on it. 👍
-
Is there an ETA? And by “Working on it”, do you mean it’s just in your backlog, or do you actually mean truly actively working on it?
-
Or maybe just letting us know how long it will take? 5 years? 2 years? 1 month? 3 months? Then we can at least consider workarounds in the meanwhile, if it’s going to take too long.
-
At my Company, Can you please share a date for the landing of this feature?
-
Hi, @mscoutermarsh Do you have anything to share now? Especially that you’ve released an API for secrets? While we can theoretically build it, we’re still leaning on a built-in solution by GitHub.
-
Hi @thisguychris, Nothing yet. We did the first release of the API as repository only so that we’d get it shipped faster. We still plan to do a later update enabling secrets management for orgs as well. We have a bunch of org level features on the roadmap. I don’t have a timeline for this yet, sorry.
-
Sorry, I missed this notification. It was on our backlog. Org level secrets are now actively being worked on.
-
Just adding my own +1 on this. It’s been a few months, is there a more narrow ETA on this? If not, no worries. Just an eager user here 🙂
-
I saw there is that feature, that’s great!
-
Organization level secrets are now available. See here: https://github.blog/changelog/2020-05-14-organization-secrets/
-
Thank you! This is great. 🎉