Secrets on Team and Organization level

Thank you for the feedback. This is something that is on our backlog for a future update.

44 Likes

This would be a tremendous improvement for us. We have many repositories under our org that we would like to switch to Actions from Travis. Having to specify half a dozen secrets on every repo would be painful.

10 Likes

This behavior is already available for issue and support templates, as well as funding, through an org-wide .github repository like this one. I have started to work on a GitHub action to handle org-wide “labelling management” through a simple JSON definition, but there are no org-wide events for now. So for the moment I will use the GitHub API. I will keep you in touch when I’ve got something stable.

We need secrets like AWS credentials on a larger number of repos. Having team/org secrets would be a *huge* improvement when it comes to rotating keys/credentials, so 👍

28 Likes

Documentation suggests that this only applies to public repos within an organization. Is the documentation accurate?

1 Like

Yes please - and at the “author” level for authors (i.e. have secrets somewhere in https://github.com/settings/profile that would apply to any repositories I have)

11 Likes

Could you be more specific? Release plan?

3 Likes

Any progress on this? Can we get an ETA and/or a status update?

4 Likes

This would also be good for GitHub Actions, if they ever opt to make anything team/org level with that.

2 Likes

Any updates on this or a roadmap of to-be-implemented GitHub Actions features? This one feature is make or break for us, no way are we managing hundreds of secrets by hand.

5 Likes

The Actions API has been made available as a beta:

https://developer.github.com/changes/2020-01-28-actions-api/

With that, we should be able to write scripts that can roll out secrets to a bunch of repositories at once.

I would add a different use case for the same functionality.

We would like to be able to set Secrets at a Team level to be able to protect the usage of those secrets. When running an action for deployment to Production, we could have our ProdOps Team be the only ones to successfully run the production deployment workflow. We would like to protect our secrets through Team ownership.

5 Likes

We have written a tool to help with this: https://github.com/webfactory/secret-spreader

It is based on the brand-new (beta) GitHub API for Actions. See the README over at the repo for full details.

Feedback is very much appreciated!

2 Likes

We really need this.

We have multiple GitHub repositories with the same SECRETS; a key rotation will be a mess for us.

Any news on this??

Check this out: https://github.com/webfactory/secret-spreader

1 Like

Well, I have well over 100 repositories, and simply cannot afford to create / update their secrets whenever I want to rotate keys.

Therefore, I created SecretHub - a CLI (written in Ruby) that lets you manage multiple secrets in multiple repositories with ease. If anyone can’t wait for official organization secrets from GitHub, feel free to use it.

```
$ secrethub
GitHub Secret Manager

Commands:
  list    Show secrets for a repository
  save    Create or update a secret in a repository
  delete  Delete a secret from a repository
  bulk    Update or delete multiple secrets from multiple repositories
```

1 Like

I wrote a GitHub action to copy secrets from one repo to many.

https://github.com/marketplace/actions/secrets-sync-action

3 Likes

Are there any plans on bringing secrets to an Organisation level?

Yes, it’s being worked on now.

16 Likes

I trust this thread will be updated once it is available?

2 Likes