Secrets scoped to branches

We’re thinking of setting up staging vs. production deploys in GitHub Actions from master vs. develop branches. Each deployment environment needs different secrets.

I know it’s possible to add multiple secrets to the repo and write workflow code to pick the correct secrets based on the current branch. But it would be really nice if GitHub Actions supported scoping secrets to specific branches. (@N-Usha from @AzureDevOps says this is a “much needed feature”.)

I have submitted feedback to request this feature. Any hints about whether it is on the roadmap?

Maybe implementing this can help address some of the security concerns around secrets:
https://github.community/t5/GitHub-Actions/Support-for-Protected-Secrets/m-p/44007

https://github.community/t5/GitHub-Actions/hiding-secrets-from-actions-triggered-by-branches/m-p/46008

https://github.community/t5/GitHub-Actions/Limit-secrets-to-specific-branches/m-p/55633

https://github.community/t5/GitHub-Actions/How-to-prevent-repository-collaborators-from-triggering-workflow/m-p/37557#M2998

https://github.community/t5/GitHub-Actions/Question-on-actions-security/m-p/35028

1 Like
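The workaround mentioned in the post above (several repository secrets, with workflow code choosing between them by branch) could look like the following. This is an added example, not part of the original thread. The secret names `PRODUCTION_DEPLOY_TOKEN` and `STAGING_DEPLOY_TOKEN`, the `deploy.sh` script, and the mapping of master to production and develop to staging are assumptions.

```yaml
# Added example: route per-environment secrets by branch.
# Assumed (hypothetical) names: PRODUCTION_DEPLOY_TOKEN, STAGING_DEPLOY_TOKEN, deploy.sh
# Assumed mapping: master -> production, develop -> staging
name: deploy

on:
  push:
    branches: [master, develop]

# Keep the automatic GITHUB_TOKEN read-only; deploys use the explicit secrets below.
permissions:
  contents: read

jobs:
  deploy-production:
    # Only this job references the production secret, and it only runs on master.
    if: github.ref == 'refs/heads/master'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to production
        env:
          DEPLOY_TOKEN: ${{ secrets.PRODUCTION_DEPLOY_TOKEN }}
        run: ./deploy.sh production

  deploy-staging:
    # Only this job references the staging secret, and it only runs on develop.
    if: github.ref == 'refs/heads/develop'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Deploy to staging
        env:
          DEPLOY_TOKEN: ${{ secrets.STAGING_DEPLOY_TOKEN }}
        run: ./deploy.sh staging
```

The `if:` conditions live in the workflow file on each branch, so they route secrets but do not restrict which branches can read them; that restriction is what the feature request asks for. Until then, protect both branches and require review for changes under `.github/workflows/`.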

Could you share how you managed to do this? I cannot seem to get something similar to work.