Managing GitHub Secrets with gh secret (with examples)
List secret keys for the current repository
Code:
gh secret list
Motivation: By listing the secret keys for the current repository, you can easily view all the secrets that have been set up and their associated names. This can be helpful for understanding the available secrets and managing them effectively.
Explanation:
The gh secret list command is used to list the secret keys for the current repository. It doesn’t require any additional arguments.
Example Output:
NAME CREATED AT
API_KEY 2022-01-01T12:00:00Z
ACCESS_TOKEN 2022-01-02T09:30:00Z
This output indicates that there are two secrets set up in the repository, named “API_KEY” and “ACCESS_TOKEN”. It also shows the creation timestamps for each secret.
List secret keys for a specific organization
Code:
gh secret list --org <organization>
Motivation: When working with an organization that has multiple repositories, it can be useful to list the secret keys across all repositories within that organization. This allows you to have a centralized view of the secrets used by different projects within the organization.
Explanation:
The gh secret list command can be used with the --org flag followed by the organization name to list the secret keys for all repositories within that organization.
Example Output:
REPO NAME CREATED AT
org/repo1 API_KEY 2022-01-01T12:00:00Z
org/repo1 ACCESS_TOKEN 2022-01-02T09:30:00Z
org/repo2 API_KEY 2022-01-03T15:45:00Z
This output shows the secret keys for repositories within the specified organization. Each secret is associated with the repository where it is set up.
List secret keys for a specific repository
Code:
gh secret list --repo <owner>/<repository>
Motivation: In certain situations, you may only want to view the secret keys for a specific repository. This can be beneficial when you are working on a particular project and want to focus on the secrets associated with that repository.
Explanation:
Using the --repo flag followed by the owner and repository name allows you to list the secret keys for a specific repository.
Example Output:
NAME CREATED AT
API_KEY 2022-01-01T12:00:00Z
ACCESS_TOKEN 2022-01-02T09:30:00Z
This output displays the secret keys for the specified repository. It provides visibility into the secrets used within that specific project.
Set a secret for the current repository
Code:
gh secret set <name>
Motivation: Setting secrets for a repository allows you to securely store sensitive information, such as API keys or access tokens, that can be used in your workflows. This ensures that these secrets are not exposed in the repository code or configuration files.
Explanation:
To set a secret for the current repository, use the gh secret set command followed by the desired secret name. Upon execution, you will be prompted to enter the value for the secret.
Example Output:
? Value: ********
This output represents a prompt for entering the value of the secret. The input provided by the user is hidden for security reasons.
Set a secret from a file for the current repository
Code:
gh secret set <name> < <path/to/file>
Motivation: In some cases, you may have secrets stored in files that you want to set for a repository. This can be convenient when you have the secret value saved in a file and want to easily set it without manually entering the value.
Explanation:
The gh secret set command can be used with the desired secret name, followed by < and the path to the file containing the secret value. This allows you to set the secret from the contents of the file.
Example Output:
Secret 'API_KEY' updated.
This output indicates that the secret with the name “API_KEY” has been successfully updated with the value from the specified file.
Set an organization secret for specific repositories
Code:
gh secret set <name> --org <organization> --repos <repository1,repository2>
Motivation: When working with organization secrets, you may want to set the same secret for multiple repositories under that organization. This can save time and effort when managing secrets for projects within the organization.
Explanation:
To set an organization secret for specific repositories, use the gh secret set command followed by the desired secret name, the --org flag with the organization name, and the --repos flag followed by a comma-separated list of repository names.
Example Output:
Secret 'API_KEY' updated for repositories 'repo1' and 'repo2'.
This output confirms that the secret with the name “API_KEY” has been successfully updated for the specified repositories within the organization.
Remove a secret for the current repository
Code:
gh secret remove <name>
Motivation: At times, you may need to remove a secret from a repository, either to revoke access or because it is no longer needed. Removing secrets that are no longer required helps in maintaining a clean and secure repository environment.
Explanation:
To remove a secret from the current repository, use the gh secret remove command followed by the name of the secret you want to remove.
Example Output:
Secret 'API_KEY' removed.
This output indicates that the secret with the name “API_KEY” has been successfully removed from the repository.
Remove a secret for a specific organization
Code:
gh secret remove <name> --org <organization>
Motivation: When working with organization secrets, removing a secret from all repositories within the organization might be necessary. This can be due to security considerations or when a secret is no longer needed for any project within the organization.
Explanation:
The gh secret remove command can be used with the name of the secret you want to remove, followed by the --org flag and the organization name. This allows you to remove the secret from all repositories within that organization.
Example Output:
Secret 'API_KEY' removed from organization 'org'.
This output confirms that the secret with the name “API_KEY” has been successfully removed from all repositories within the organization.
By utilizing the various commands provided by gh secret, you can effectively manage and secure secrets in your GitHub repositories and organizations.
