Often it is necessary to use secrets within your workflows. Whether it is to authenticate to the API to notify users or connect to a cloud environment to deploy code. GitHub Secrets is the way you connect your secrets with your workflows.
Secrets can currently live at many levels:
- Organization
- Repository
- Environment
Per the GitHub documentation the limits for secrets are:
- 1000 Organization secrets
- 100 Repository secrets
- 100 Environment secrets
- 64KB in size
gpgcan be used to encrypt files and store them in the repo if you need more space
Secrets are encrypted with a libsodium sealed box and are not readable once you have stored them in your repository. When secrets would get printed to the workflow logs, GitHub attempts to hide them on a best effort basis. This helps prevent accidental leaks of your secrets, but diligent users can easily find ways to get your secrets leaked, so ensure that only trusted users have write access to your workflows when using secrets