gh-secret-set - Man Page
Create or update secrets
Examples (TL;DR)
- Set a secret for the current repository (user will be prompted for the value):
gh secret set name
- Set a secret from a file for the current repository:
gh secret set name < path/to/file
- Set a secret for a specific repository:
gh secret set name --body value --repo owner/repository
- Set an organization secret for specific repositories:
gh secret set name --org organization --repos "repository1,repository2,..."
- Set an organization secret with a specific visibility:
gh secret set name --org organization --visibility all|private|selected
Synopsis
gh secret set <secret-name> [flags]
Description
Set a value for a secret on one of the following levels: - repository (default): available to GitHub Actions runs or Dependabot in a repository - environment: available to GitHub Actions runs for a deployment environment in a repository - organization: available to GitHub Actions runs, Dependabot, or Codespaces within an organization - user: available to Codespaces for your user
Organization and user secrets can optionally be restricted to only be available to specific repositories.
Secret values are locally encrypted before being sent to GitHub.
Options
- -a, --app <string>
Set the application for a secret: {actions|codespaces|dependabot}
- -b, --body <string>
The value for the secret (reads from standard input if not specified)
- -e, --env <environment>
Set deployment environment secret
- -f, --env-file <file>
Load secret names and values from a dotenv-formatted file
- --no-store
Print the encrypted, base64-encoded value instead of storing it on Github
- -o, --org <organization>
Set organization secret
- -r, --repos <repositories>
List of repositories that can access an organization or user secret
- -u, ā--user
Set a secret for your user
- -v, --visibility <string> (default "private")
Set visibility for an organization secret: {all|private|selected}
Options Inherited from Parent Commands
- -R, --repo <[HOST/]OWNER/REPO>
Select another repository using the [HOST/]OWNER/REPO format
Example
# Paste secret value for the current repository in an interactive prompt $ gh secret set MYSECRET # Read secret value from an environment variable $ gh secret set MYSECRET --body "$ENV_VALUE" # Read secret value from a file $ gh secret set MYSECRET < myfile.txt # Set secret for a deployment environment in the current repository $ gh secret set MYSECRET --env myenvironment # Set organization-level secret visible to both public and private repositories $ gh secret set MYSECRET --org myOrg --visibility all # Set organization-level secret visible to specific repositories $ gh secret set MYSECRET --org myOrg --repos repo1,repo2,repo3 # Set user-level secret for Codespaces $ gh secret set MYSECRET --user # Set repository-level secret for Dependabot $ gh secret set MYSECRET --app dependabot # Set multiple secrets imported from the ".env" file $ gh secret set -f .env # Set multiple secrets from stdin $ gh secret set -f - < myfile.txt