Managing GitHub Secrets and Variables

Introduction

GitHub Actions supports secrets for sensitive data and variables for non-sensitive configuration. They can be defined at the repository, organization, or environment level.

Creating Secrets

Navigate to Settings > Secrets and variables > Actions.
Under Repository secrets, click New repository secret.
Give the secret a name and value, then click Add secret.

Use a secret in a workflow:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: echo "$SECRET" | some-command
        env:
          SECRET: ${{ secrets.MY_SECRET }}

Defining Variables

From the same settings page, select Variables.
Click New repository variable and provide a name and value.
Reference the variable with ${{ vars.MY_VAR }} inside workflows.

Best Practices

Use environment secrets for deployments to staging or production.
Rotate secrets regularly and remove unused values.
Mask secrets in workflow logs using ::add-mask:: if needed.

Managing GitHub Secrets and Variables

Introduction

Creating Secrets

Defining Variables

Best Practices

Further Reading