Personal secrets appear in container; org and repo secrets do not

I’ve got a private org repo where if I set a personal secret it manifests in the env inside the container, but repo and org secrets do not. This is despite the org secrets being scoped for the repo. Is there some additional step I’m missing for using repo and org secrets?

I can’t share the private repo, but the steps involved are

  • Create a new repo
  • Use the ‘create new file link’ to create a new, empty file
  • Then go to the repo settings > secrets and create a secret called TEST_SECRET_REPO
  • And go to your user settings > codespaces and create a secret called TEST_SECRET_PERSONAL
  • Now launch the codespace and use the terminal to printenv | grep TEST_SECRET
  • The personal secret appears; the repo secret does not

EDIT: This was a bit prematurely optimistic of me

Figured this out - there are two sets of secrets!

Well that’s frustrating. Going repo settings > secrets > codespaces and setting variables there does indeed work on a private test repo created by me, but seemingly does not on a repo created by my organisation. The secrets still don’t appear in the container there.

Lord almighty, I feel like I’ve been gaslighted by an API here. Turns out that the secrets for private image registries are elided, so they don’t show up in the env even if you get them right.

Means there’s no way to tell if you’ve got the secrets right other than to re-build the container :scream: