Organization secrets showing up empty in private repo

Hi,

I am trying to use organization secret in my private organization repo. I am using the new free Team accounts. This secret is a Google cloud service account json file. It is around 2K size. I notice that these secrets are empty in GitHub actions during execution. This seems like a bug. Can you please fix this?

Regards,

Tamal

Hi @tamalsaha , 

I am sorry to tell you that using org-level secrets on a free plan, that secrets are not supported for private repos.  So it is not a bug. There should be some indicate in organization secrets tab and repo secrets tab. 

If you don’t see this notice in your org, please feel free to let me know. 

Hello, I have the same problem, and I don’t see the note that you’ve highlighted in your screenshot (e.g. for any repo of the pullpreview organization.

I also have the same issue. I successfully created a secret at the org level to see all private repositories called ACTION. When I go to print out the secret in the workflow (I am expecting to see ***), I see nothing. When I look at the string length it is 0.

- shell: bash
  env:
    SUPER_SECRET: ${{ secrets.ACTION }}
  run: |
    echo "$SUPER_SECRET"
    echo "${#SUPER_SECRET}"

I get the result:

echo “$SUPER_SECRET”

echo “${#SUPER_SECRET}”

shell: /bin/bash --noprofile --norc -e -o pipefail {0}

env:
pythonLocation: /opt/hostedtoolcache/Python/3.7.7/x64
SUPER_SECRET:

0

I see no documentation anywhere saying that this is not a free feature for private repos. Can anyone shed some light on this??

I am having the same issue. My private repository shows the organization level secret, not a disclaimer that they are not available.

You should see a message like this:

if your organization is on a free plan.

I don’t see that message, what I see is:

1 Like

@MarkStega Thanks for the screenshot! :bowing_man: Checked some data on our side, and something does not work correctly. For reference, here is what you should see:

I’ll look into this some more, we’ll fix this.

Our runs started failing recently, and after checking logs, we found out that all secrets are blank. This used to work earlier (i.e. org secrets were passed correctly into private repos), but now it doesn’t.

Why has this behaviour changed, why wasn’t it announced, and why isn’t it mentioned anywhere?
I see what @MarkStega sees as well:

This should be fixed now, you should correctly see a message indicating the private-repository behavior for organizations on a free plan.

I was just bitten by this. Even when the option to enable a secret for all private repos is disabled, there is an option to pick which repos a secret is for one by one, and private repos are shown there (and selectable). I assumed you still could pick private repos one by one if you can actually do it via the UI.

image

But then I also have the empty secret issue. If I go to the repo and define the same secret, I’m even told I’m overriding an organization secret, which I’m not apparently.

(another screenshot was here but apparently I can only embed one media since I’m a new user in the forums)

I understand the limitation but hopefully the UI can be improved to not offer enabling stuff that won’t work at all, it could save time and confusion to users :slight_smile:

The other image: