Reading a repository public key from GitHub Actions

I’m trying to update a secret from within a GitHub Action. As the first step in doing so, I’m trying to obtain the repository’s public key in order to sign the secret. There’s an API endpoint for that, and according to the docs,

Anyone with read access to the repository can use this endpoint.

Now, as far as I can see, the $GITHUB_TOKEN available in GitHub Actions should have read access. However, when I try to fetch the public key as follows:

    - name: Fetch public key using curl
      run: |
        curl --request GET \
        --url https://api.github.com/repos/${{ github.repository }}/actions/secrets/public-key \
        --header 'authorization: Bearer ${{ secrets.GITHUB_TOKEN }}' \
        --header 'accept: application/vnd.github.v3+json' \
      env:
        GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"

I get the following response:

 {
  "message": "Resource not accessible by integration",
  "documentation_url": "https://docs.github.com/rest/reference/actions#get-a-repository-public-key"
}

How come? Is what I’m trying to do feasible?

1 Like