

If your GitHub Actions workflows need to access resources from a cloud provider that supports OpenID Connect (OIDC), you can configure your workflows to authenticate directly to the cloud provider. This will let you stop storing these credentials as long-lived secrets and provide other security benefits. For more information, see "About security hardening with OpenID Connect."

Naming your secrets

The following rules apply to secret names:

Names can only contain alphanumeric characters or underscores (_).

Names must not start with the GITHUB_ prefix.

Names must be unique at the level they are created at. For example, a secret created at the environment level must have a unique name in that environment, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.

If a secret with the same name exists at multiple levels, the secret at the lowest level takes precedence. For example, if an organization-level secret has the same name as a repository-level secret, then the repository-level secret takes precedence. Similarly, if an organization, repository, and environment all have a secret with the same name, the environment-level secret takes precedence.

To help ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets. For example, avoid creating secrets that contain JSON or encoded Git blobs.

To make a secret available to an action, you must set the secret as an input or environment variable in the workflow file. Review the action's README file to learn about which inputs and environment variables the action expects.
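The naming, precedence and structured-value rules on this page can be checked before secrets are created. The following is an added example, not GitHub's own code: it audits a constructed inventory of secrets. The inventory layout, the secret names and the placeholder values are assumptions, as is treating the GITHUB_ prefix check case-insensitively.

```python
import json
import re

# Rules from this page: alphanumerics or underscores only, no GITHUB_ prefix.
NAME_RE = re.compile(r"[A-Za-z0-9_]+")
# Lowest level first: the lowest level that defines a name wins.
PRECEDENCE = ("environment", "repository", "organization")
# Constructed sample inventory (hypothetical names, placeholder values).
SAMPLE = {
    "organization": {"DEPLOY_TOKEN": "org-placeholder", "NPM_TOKEN": "npm-placeholder"},
    "repository": {"DEPLOY_TOKEN": "repo-placeholder", "GITHUB_PAT": "x",
                   "CLOUD_CREDS": '{"key": "placeholder"}'},
    "environment": {"DEPLOY_TOKEN": "env-placeholder", "api-key": "x"},
}

def name_problems(name):
    """Return the naming rules from this page that `name` violates."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("only alphanumeric characters or underscores are allowed")
    # Assumption: compare the prefix case-insensitively to be conservative.
    if name.upper().startswith("GITHUB_"):
        problems.append("must not start with the GITHUB_ prefix")
    return problems

def looks_structured(value):
    """True if the value parses as a JSON object or array."""
    try:
        return isinstance(json.loads(value), (dict, list))
    except ValueError:
        return False

def effective_secrets(levels):
    """Resolve {level: {name: value}} to {name: (winning_level, value)}."""
    resolved = {}
    for level in reversed(PRECEDENCE):  # organization first, environment last
        for name, value in levels.get(level, {}).items():
            resolved[name] = (level, value)  # lower levels overwrite higher ones
    return resolved

def audit(levels):
    """List naming violations and structured values, lowest level first."""
    findings = []
    for level in PRECEDENCE:
        for name, value in levels.get(level, {}).items():
            findings += [f"{level}/{name}: {p}" for p in name_problems(name)]
            if looks_structured(value):
                findings.append(f"{level}/{name}: structured value (JSON), avoid for log redaction")
    return findings
```

Encoded Git blobs are not detected here; only JSON objects and arrays are flagged as structured data.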
