How to Manage Secrets in Github?

Secrets in Github help us to store and manage our Credentials and sensitive information and You can also reuse them in GitHub Actions. Let’s understand how it works in Github Actions and How we can manage them. Before Digging Deep into Managing. Let’s Understand its different levels.

Levels of Secrets

There are 3 Levels

1. Organizatinal Level
2. Repository Level
3. Environment Level

Let’s discuss these in detail.

Organizational Level Secrets:

1. Allows Secrets Management at Org. Level Without Duplication.
2. These Secrets Effectively Becomes Repository Secrets as well.
3. These Can Also be Scoped to Specific Repositories according to Your need.
4. It is not Available with Free plan

Repository Level:

1. Their Scope lies to the Repository
2. They Can override the org. level Secrets when you define them with same name
3. Available in Free Plan

Envrionment:

1. They Apply to a specifc envrionment.
2. It can override both the Repository Secrets and Environment Secrets.
3. So, only Users who are having Envrionment permissions can add or edit them.
4. This Available in Free plan for Public Repos only

Hierarchy of the levels

The Organizational level is defined at the Highest Level. We have repository secrets and after that finally, it’s Environment Level. When the Github Actions needs to access it. first, it goes to Environment. Then if there is nothing then it will go for repository and after repository, it will go for Organization.

Naming Convention For Secrets

• The names can only contain alphanumeric characters ([a-z], [A-Z], [0-9]) or underscores (_). Spaces are not allowed.
• It should not start with the GITHUB_ prefix or a Number.
• Names are not case-sensitive and must be unique at the level they are created at.

Creating Organization Secrets

While creating for an organization, a policy can be used which will limit repositories to access that secret. For example, You can grant access to all repositories or limit access to only private repositories or a specified list of repositories and Make sure you know about Naming Convention.

To create at the organizational level

1. On GitHub.com, navigate to the main page of the organization and Click on click  Settings.
2. In the left sidebar, click  Secrets , Select Actions as we are configuring for Actions.
3. Click New organization secret.
4. Type a name for your secret in the Name input box, Enter the Value for your secret.
5. From the Repository access dropdown list, choose an access policy.
6. Click Add secret.

Creating encrypted secrets for an environment

To create for an environment in a user account repository, you must be the repository owner and create it for an environment in an organization repository, you must have admin access.

1. On GitHub.com, navigate to the main page of the repository and Click on Settings.
2. In the left sidebar, click Environments. Click on the environment that you want to add a secret to.
3. Under Environment secrets, click Add secret.
4. Type a name for your secret in the Name input box.
5. Enter the value for your secret.
6. Click Add secret.

Creating Repository Secrets

So, To create for a user account repository, you must be the repository owner.

1. On GitHub.com, navigate to the main page of the repository.
2. Under your repository name, click  Settings.
3. In the left sidebar. click on Secrets and Select Actions as we are configuring for Actions.
4. Click New repository secret, Type a name for your secret in the Name input box.
5. Enter the Value and add the Secret.

Now you can use them in your Workflows.

Conclusion

This Blog was all about Managing Secrets at Various levels in Github. If you want to learn about CI/CD Using Github Actions you can visit this blog. So, If you liked this Blog. Please do comment and share this as this will motivate me to write more and more.

References

If you want to read more About it on Github, You can visit their official documentation here.