LinuxCommandLibrary

gh-secret-set

Create or update GitHub secrets from the command line.

TLDR

Set a secret for the current repository (user will be prompted for the value)

$ gh secret set [name]
copy


Set a secret from a file for the current repository
$ gh secret set [name] < [path/to/file]
copy


Set a secret for a specific repository
$ gh secret set [name] --body [value] --repo [owner]/[repository]
copy


Set an organization secret for specific repositories
$ gh secret set [name] --org [organization] --repos "[repository1,repository2,...]"
copy


Set an organization secret with a specific visibility
$ gh secret set [name] --org [organization] --visibility [all|private|selected]
copy

SYNOPSIS

gh secret set <secret-name> [flags]

DESCRIPTION

Set a value for a secret on one of the following levels: - repository (default): available to Actions runs in a repository - environment: available to Actions runs for a deployment environment in a repository - organization: available to Actions runs within an organization - user: available to Codespaces for your user

Organization and user secrets can optionally be restricted to only be available to specific repositories.

Secret values are locally encrypted before being sent to GitHub.

OPTIONS

-b, --body <string>

The value for the secret (reads from standard input if not specified)

-e, --env <environment>

Set deployment environment secret

-f, --env-file <file>

Load secret names and values from a dotenv-formatted file

--no-store

Print the encrypted, base64-encoded value instead of storing it on Github

-o, --org <organization>

Set organization secret

-r, --repos <repositories>

List of repositories that can access an organization or user secret

-u, --user

Set a secret for your user

-v, --visibility <{all|private|selected}>

Set visibility for an organization secret: {all|private|selected}

OPTIONS INHERITED FROM PARENT COMMANDS

-R, --repo <[HOST/]OWNER/REPO>

Select another repository using the [HOST/]OWNER/REPO format

EXAMPLE

# Paste secret value for the current repository in an interactive prompt
$ gh secret set MYSECRET

# Read secret value from an environment variable
$ gh secret set MYSECRET --body "$ENV_VALUE"

# Read secret value from a file
$ gh secret set MYSECRET < myfile.txt

# Set secret for a deployment environment in the current repository
$ gh secret set MYSECRET --env myenvironment

# Set organization-level secret visible to both public and private repositories
$ gh secret set MYSECRET --org myOrg --visibility all

# Set organization-level secret visible to specific repositories
$ gh secret set MYSECRET --org myOrg --repos repo1,repo2,repo3

# Set user-level secret for Codespaces
$ gh secret set MYSECRET --user

# Set multiple secrets imported from the ".env" file
$ gh secret set -f .env

SEE ALSO

gh-secret(1)

Copied to clipboard