GitHub Actions secrets are encrypted variables that are decrypted and made available to a workflow during the runtime. They are not passed to workflows that are triggered by a pull request from a fork of a repository.

These secrets are primarily used for setting sensitive environment variables that are required for running a job.


  NODE_AUTH_TOKEN: ${{secrets.npm_token}}

Another example:


Setting GitHub Actions secrets#

To se the secrets for a project, go to its Settings page. Eg:

GitHub Actions secrets add button

The click on the Add a new secret text button, it will open up the interface for setting the secret's name and value.

GitHub Actions secrets add interface

Give the secret a name (without spaces) and set the value, then click the Add secret button to set the secret.

Now you will be able to access the secret's value in your workflow on the secrets object.


To add GitHub Actions secrets for a repository, got to its Settings page, then select the Secrets tab, then click on the Add a new secret text button.

Tweet this | Share on LinkedIn |