I think it's a good idea to be able to define Secrets not only on repo level, but also on Team and Organization level to avoid duplication between repositories.
Any updates on this or a Roadmap of to be implmented GitHub Action features? This one feature is make or break for us, no way are we managing hundred of secrets by hand.
The Actions API has been made available as a beta:
With that, we should be able to write scripts that can roll out secrets to a bunch of repositories at once.
I would add a different use case for the same functionality.
We would like to be able to set Secrets at a Team level to be able to protect the usage of those secrets. When running an action for deployment to Production, we could have our ProdOps Team be the only ones to successfully run the production deployment workflow. We would like to protect our secrets through Team ownership.
We have written a tool to help with this: https://github.com/webfactory/secret-spreader
It is based on the brand-new (beta) GitHub API for Actions. See the README over at the repo for full details.
Feedback is very much appreciated!
We really need this.
We are having multiple github repositories with the same SECRETS, a key rotation will be a mess for us.
Any news on this??
Well, I have well over 100 repositories, and simply cannot afford to create / update their secrets whenever I want to rotate keys.
Therefore, I created SecretHub - a CLI (written in Ruby) that lets you manage multiple secrets in multiple repositories with ease. If anyone can't wait for official organization secrets from GitHub, feel free to use it.
$ secrethub GitHub Secret Manager Commands: list Show secrets for a repository save Create or update a secret in a repository delete Delete a secret from a repository bulk Update or delete multiple secrets from multiple repositories