Understanding actions access to secrets

In trying to understand the impact of the compromise of the codecov action, I’ve been trying to figure out exactly what an action has access to. My initial interpretation is that an action has access to anything in the workflow itself, but not beyond that, so if secrets do not appear anywhere in the workflow they are not available to the actions in that workflow. However, the docs about third-party actions include this statement:

> compromise of a single action within a workflow can be very significant, as that compromised action would have access to all secrets configured on your repository, and can use the GITHUB_TOKEN to write to the repository

which suggests that all actions (when run from your own branches, not PRs) always have access to all secrets and the GITHUB_TOKEN. Is that accurate? If so, how does that work? I can't find any documentation for writing an action to access secrets without placing them in the workflow with e.g. `${{ secrets.NAME }}`. Or should the docs be updated to clarify that actions have access to everything in the workflow, which may include secrets and $GITHUB_TOKEN?

In the codecov example, there’s also the subtle difference between the action repo itself being compromised (hasn’t happened) and the code executed inside the action (this happened).


GITHUB_TOKEN is usually available in .git/config because actions/checkout writes it there for authentication when using Git (and not the REST API) to retrieve the repository. If you provide a PAT, that token will end up there instead, which is probably worse. Check the “Setting up auth” part of the step log.

I’m not aware of a way for an action to directly read arbitrary secrets, but if it can write to the repository (e.g. using GITHUB_TOKEN) it could modify or add a workflow and go from there.

I just tested this and interestingly, GitHub doesn’t allow pushing changes to the .github/workflows directory:

```
! [remote rejected] HEAD -> dontmindme (refusing to allow a GitHub App to create or update workflow `.github/workflows/ruhroh.yml` without `workflows` permission)
```

So it’s not as easy as you might think to exfiltrate all secrets for a repo with only $GITHUB_TOKEN for repos in general. Of course, if a repo has other ci/utils.sh, that’s probably modifiable, but it must be tailored to the repo’s own workflows.

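An added example, not code from the thread or from GitHub: a line-based audit of one workflow file that lists the secrets its expressions reference, the actions not pinned to a full commit SHA, and the `actions/checkout` steps that leave the token in .git/config (the action's `persist-credentials` input defaults to true). The sample workflow, its secret names and the all-zero SHA are constructed, and the parser is a simplification that assumes each step is a YAML list item.

```python
import re

EXPR_RE = re.compile(r"\$\{\{(.*?)\}\}", re.S)      # ${{ ... }} expressions
USES_RE = re.compile(r"^[ \t]*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)", re.M)
STEP_RE = re.compile(r"^[ \t]*-\s", re.M)           # start of a YAML list item
PINNED_RE = re.compile(r"@[0-9a-f]{40}$")           # ref is a full commit SHA

def audit_workflow(text):
    """Line-based audit of one workflow file (assumption: no full YAML parse)."""
    secrets = set()
    for expr in EXPR_RE.findall(text):
        secrets.update(re.findall(r"\bsecrets\.(\w+)", expr))
        if re.search(r"\bgithub\.token\b", expr):
            secrets.add("GITHUB_TOKEN")
    unpinned, persisting = [], []
    starts = [m.start() for m in STEP_RE.finditer(text)] + [len(text)]
    for begin, end in zip(starts, starts[1:]):
        step = text[begin:end]
        m = USES_RE.search(step)
        if not m or m.group(1).startswith(("./", "docker://")):
            continue                      # run: steps and local/docker actions
        ref = m.group(1)
        if not PINNED_RE.search(ref):
            unpinned.append(ref)          # tag or branch ref can be moved upstream
        opted_out = re.search(r"persist-credentials:\s*['\"]?false", step)
        if ref.startswith("actions/checkout@") and not opted_out:
            persisting.append(ref)        # token stays in .git/config for later steps
    return {"secrets": sorted(secrets), "unpinned": unpinned,
            "checkout_persists_token": persisting}

# Constructed sample workflow; names, versions and the all-zero SHA are placeholders.
SAMPLE = """\
on: push
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: ./ci/test.sh
        env:
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
      - uses: codecov/codecov-action@v4
        with:
          token: ${{ secrets.CODECOV_TOKEN }}
      - uses: actions/checkout@PLACEHOLDER_SHA
        with:
          persist-credentials: false
""".replace("PLACEHOLDER_SHA", "0" * 40)

if __name__ == "__main__":
    for key, value in audit_workflow(SAMPLE).items():
        print(f"{key}: {value}")
```
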