How to use GitHub Actions secrets?

Short answer

GitHub Actions secrets are encrypted environment variables stored at the repository or organization level. They are injected into workflows at runtime and masked in logs.

Steps

1. Go to Settings > Secrets and variables > Actions.
2. Click New repository secret.
3. Reference the secret in your workflow.

Example

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy
        run: ./deploy.sh
        env:
          API_KEY: ${{ secrets.API_KEY }}

Tips

• Use environment secrets for production deployments.
• Rotate secrets regularly.
• Never echo secrets in workflow steps.

Common issues

• Secrets are not passed to workflows triggered by forks.
• Organization secrets are not available to private forks.
• Masking may fail if the secret contains newlines or spaces.