Secrets on Team and Organization level


I think it’s a good idea to be able to define Secrets not only on repo level, but also on Team and Organization level to avoid duplication between repositories. 


Need help. First and maybe last

Thank you for the feedback.  This is something that is on our backlog for a future update.


This would be a tremendous improvement for us. We have many repositories under our org that we would like to switch to actions from travis. Having to specify half a dozen secrets on every repo would be painful.


This behavior is already available for issue and support template, as well as funding through org-wide .github repository like this one. I have started to work on a GitHub action to handle org-wide “labelling management” through a simple JSON definition but there is no org-wide events for now. So for the moment I will use GitHub API. Keep you in touch when I’ve got something stable.

We need secrets like AWS credentials on a larger number of repos. Having team/org secrets would be a *huge* improvement when it comes to rotating keys/credentials, so :+1:t2:


Documentation suggests that this only applies to public repos within an organzation. Is the documentation accurate?

1 Like

yes please - and at the “author” level for authors (ie have secrets somewhere in that would apply to any repositories I have)


Could you be more specific? Release plan?


Any progress on this? Can we get an ETA and/or a status update?


this would also be good for github actions, if they ever opt to make anything team/org level with that.


Any updates on this or a Roadmap of to be implmented GitHub Action features? This one feature is make or break for us, no way are we managing hundred of secrets by hand.


The Actions API has been made available as a beta:

With that, we should be able to write scripts that can roll out secrets to a bunch of repositories at once.

I would add a different use case for the same functionality.

We would like to be able to set Secrets at a Team level to be able to protect the usage of those secrets. When running an action for deployment to Production, we could have our ProdOps Team be the only ones to successfully run the production deployment workflow. We would like to protect our secrets through Team ownership.


We have written a tool to help with this:

It is based on the brand-new (beta) GitHub API for Actions. See the README over at the repo for full details.

Feedback is very much appreciated!


We really need this.

We are having multiple github repositories with the same SECRETS, a key rotation will be a mess for us. 

Any news on this??

Check this out:

1 Like

Well, I have well over 100 repositories, and simply cannot afford to create / update their secrets whenever I want to rotate keys.

Therefore, I created SecretHub - a CLI (written in Ruby) that lets you manage multiple secrets in multiple repositories with ease. If anyone can’t wait for official organization secrets from GitHub, feel free to use it.

$ secrethub
GitHub Secret Manager

  list Show secrets for a repository
  save Create or update a secret in a repository
  delete Delete a secret from a repository
  bulk Update or delete multiple secrets from multiple repositories
1 Like

 I wrote a Github action to copy secrets from one repo to many.


Are there any plans on bringing secrets to an Organisation level?