Describe how to generate and output secrets

Open jsoref opened this issue 2 years ago • 2 comments

Why:

Closes #14927

What's being changed (if available, include any code snippets, screenshots, or gifs):

New sections are added for creating and outputting a secret within a job or across jobs.

Check off the following:

  • [ ] I have reviewed my changes in staging (look for the "Automatically generated comment" and click the links in the "Preview" column to view your latest changes).
  • [ ] For content changes, I have completed the self-review checklist.

Writer impact (This section is for GitHub staff members only):

  • [ ] This pull request impacts the contribution experience
    • [ ] I have added the 'writer impact' label
    • [ ] I have added a description and/or a video demo of the changes below (e.g. a "before and after video")

jsoref avatar Aug 17 '22 02:08 jsoref

Automatically generated comment ℹ️

This comment is automatically generated and will be overwritten every time changes are committed to this branch.

The table contains an overview of files in the content directory that have been changed in this pull request. It's provided to make it easy to review your changes on the staging site. Please note that changes to the data directory will not show up in this table.


Content directory changes

You may find it useful to copy this table into the pull request summary. There you can edit it to share links to important articles or changes and to give a high-level overview of how the changes in your pull request support the overall goals of the pull request.

| Source | Preview | Production | What Changed |
| --- | --- | --- | --- |
| actions/using-workflows/workflow-commands-for-github-actions.md | fpt, ghec, ghes@ 3.8 3.7 3.6 3.5 3.4, ghae | fpt, ghec, ghes@ 3.8 3.7 3.6 3.5 3.4, ghae | |

fpt: Free, Pro, Team ghec: GitHub Enterprise Cloud ghes: GitHub Enterprise Server ghae: GitHub AE

github-actions[bot] avatar Aug 17 '22 03:08 github-actions[bot]

@jsoref 👋 - Thanks for opening a PR! I'll get it triaged for review 👀

cmwilson21 avatar Aug 17 '22 15:08 cmwilson21

@skedwards88 could we get some version of this PR merged in? It is important to help prevent secret leakage—you can see how many people commented on the original issue that is linked to.

Perhaps we can cut out the section on passing secrets between jobs, and do that as a second round? Or did you find a solution from any of the team members, as you mentioned looking into?

Another thing that should probably be addressed is how to properly use/mask multi-line Secrets. The current documentation just says "don't do it because it's not secure", but I can guarantee that in the wild, many people are using multiline secrets without realizing that it's problematic.

Cheers

ericsampson avatar Feb 19 '23 17:02 ericsampson

Multiline secrets is definitely an interesting edge.

We have multiline JSON secrets which result in { being treated as a secret...

The effort to get this PR happy makes me much less inclined to try to write that one... (admittedly, at this point I understand PowerShell a bit better right now, but I fully expect to forget w/in an hour).

jsoref avatar Feb 19 '23 18:02 jsoref
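
Added example, not part of the thread or of the merged documentation: a small model of the multi-line masking edge raised in the two comments above, showing why a pretty-printed JSON secret makes `{` a mask value while the token itself stays visible. It assumes a simplified masker that registers every non-empty line of a secret and replaces exact matches; the secret, log text and function names are constructed for illustration, and only the `::add-mask::` workflow command is a real name.

```python
import json

MASK = "***"

# Constructed sample secret and log text (not taken from the pull request).
PRETTY = '{\n  "user": "deploy",\n  "token": "s3cr3t-constructed"\n}'
LOG = 'payload={"status":"ok"}\nusing token s3cr3t-constructed\n'


def linewise_masks(secret):
    """Assumed model: every non-empty line of the secret becomes a mask value."""
    return [line for line in secret.splitlines() if line.strip()]


def field_masks(secret, fields):
    """Compact the JSON to a single line and also mask the named sensitive fields."""
    data = json.loads(secret)
    compact = json.dumps(data, separators=(",", ":"))
    return [compact] + [str(data[name]) for name in fields]


def add_mask_commands(values):
    """Workflow commands a step would echo to register each value as masked."""
    return ["::add-mask::" + value for value in values]


def redact(log, values):
    """Replace each registered value with the mask, longest value first."""
    for value in sorted(values, key=len, reverse=True):
        log = log.replace(value, MASK)
    return log


if __name__ == "__main__":
    # Line-wise masking: braces in unrelated output are masked, the token is not.
    print(redact(LOG, linewise_masks(PRETTY)))
    # Single-line secret plus an explicit mask for the token field.
    print(redact(LOG, field_masks(PRETTY, ["token"])))
```
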

Thanks very much for contributing! Your pull request has been merged 🎉 You should see your changes appear on the site in approximately 24 hours. If you're looking for your next contribution, check out our help wanted issues ⚡

github-actions[bot] avatar Apr 06 '23 08:04 github-actions[bot]