LinuxCommandLibrary

gh-secret-set

Create or update GitHub Actions encrypted secrets

TLDR

Set secret interactively
$ gh secret set [SECRET_NAME]
copy
Set secret from value
$ echo "[value]" | gh secret set [SECRET_NAME]
copy
Set from file
$ gh secret set [SECRET_NAME] < [secret.txt]
copy
Set environment secret
$ gh secret set [SECRET_NAME] --env [production]
copy
Set with body flag
$ gh secret set [SECRET_NAME] --body "[value]"
copy

SYNOPSIS

gh secret set name [options]

DESCRIPTION

gh secret set creates or updates encrypted secrets for GitHub Actions. When run interactively, it prompts for the secret value securely without echoing to the terminal.
The command encrypts secrets using repository or organization public keys before transmission. Secrets can be scoped to specific environments for deployment workflows or to selected repositories in organizations. Pipe or redirect input to avoid exposing secrets in shell history.

PARAMETERS

NAME

Secret name.
--body VALUE
Secret value (avoid for sensitive data).
--env ENVIRONMENT
Target deployment environment.
--org ORGNAME
Set organization secret.
--repos REPOS
Limit to specific repositories.
--visibility SCOPE
Secret visibility scope.
--help
Display help information.

CAVEATS

Avoid --body for sensitive values (visible in history). Secrets encrypted in transit. Organization secrets need admin permissions.

HISTORY

gh secret set is part of the GitHub CLI's secret management commands, providing secure secret configuration for CI/CD workflows.

SEE ALSO

gh-secret(1), gh-run(1)

> TERMINAL_GEAR

Curated for the Linux community

Copied to clipboard