GitHub Actions Encrypted Secrets are environment variables that are encrypted and only exposed to selected actions. Anyone with collaborator access to this repository can use these secrets in a workflow.
Secrets are not passed to workflows that are triggered by a Pull Request from a fork.
All secrets are stored in AWS Parameter Store, with the exception of AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY, which are needed to bootstrap the GitHub Actions workflow. With sufficient privileges, these are available under Settings/Secrets.
Secrets may be:
- Added
- Updated
- Removed
Secrets cannot be decrypted or viewed through the web portal; they can only be read from workflows.
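
The bootstrap pattern described above, as an added example workflow (not this repository's own): the two GitHub secrets authenticate to AWS, and every other value is read from Parameter Store at run time and masked in the logs. The region, the parameter name `/example/app/db_password`, the `DB_PASSWORD` variable and `scripts/deploy.sh` are assumptions.

```yaml
# Added example; region, parameter name and script path are assumptions.
name: bootstrap-secrets-example
on:
  push:
    branches: [main]   # pull requests from forks receive no secrets

permissions:
  contents: read       # keep the job token read-only

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # The only two secrets held in GitHub: they bootstrap access to AWS.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-1            # assumed region

      # Everything else comes from Parameter Store at run time.
      - name: Fetch secret from Parameter Store
        env:
          PARAM_NAME: /example/app/db_password   # hypothetical parameter
        run: |
          set -euo pipefail
          value="$(aws ssm get-parameter --name "$PARAM_NAME" \
            --with-decryption --query 'Parameter.Value' --output text)"
          # Register the mask before the value can reach any log line.
          echo "::add-mask::$value"
          # Assumes a single-line value; multi-line values need the
          # heredoc form of GITHUB_ENV.
          echo "DB_PASSWORD=$value" >> "$GITHUB_ENV"

      - name: Use the secret
        run: ./scripts/deploy.sh   # hypothetical script, reads DB_PASSWORD
```

Scoping the IAM user behind the bootstrap keys to `ssm:GetParameter` on the specific parameter paths limits what a leaked key pair can read.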