Managing encrypted secrets for your repository and organization for Codespaces

Encrypted secrets allow you to store sensitive information in your organization, repository, or Codespaces.

To manage secrets for Codespaces for an organization, you must be an organization owner.

Codespaces is available for organizations using GitHub Team or GitHub Enterprise Cloud. For more information, see "GitHub's products."

About secrets

Secrets are encrypted environment variables that you create in an organization or repository. The secrets that you create are available to use in Codespaces. GitHub uses a libsodium sealed box to encrypt secrets before they reach GitHub and only decrypts them when you use them in a codespace.

Organization-level secrets let you share secrets between multiple repositories, which reduces the need to create duplicate secrets. You can use access policies to control which repositories can use organization secrets.

Once you have created a secret, it will be available when you create a new codespace or restart the codespace. To use a secret that you've just created in a current codespace, you will need to stop the codespace and resume it. For information about stopping the codespace, see "Using the Command Palette in Codespaces."

Naming secrets

The following rules apply to secret names:

  • Secret names can only contain alphanumeric characters ([a-z], [A-Z], [0-9]) or underscores (_). Spaces are not allowed.

  • Secret names must not start with the GITHUB_ prefix.

  • Secret names must not start with a number.

  • Secret names are not case-sensitive.

  • Secret names must be unique at the level they are created at. For example, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.

    If a secret with the same name exists at multiple levels, the secret at the lower level takes precedence. For example, if an organization-level secret has the same name as a repository-level secret, then the repository-level secret takes precedence.

Limits for secrets

You can store up to 100 secrets per organization and 100 secrets per repository.

Secrets are limited to 64 KB in size.
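
The naming rules, limits and precedence described above can be checked before secrets are created through automation. The following Python is an added example, not GitHub's code: the function names and sample data are hypothetical, 64 KB is read as 65,536 bytes, and the GITHUB_ prefix check is applied case-insensitively on the assumption that this follows from names not being case-sensitive.

```python
import re

MAX_SECRETS_PER_LEVEL = 100       # per organization and per repository
MAX_SECRET_BYTES = 64 * 1024      # assumption: "64 KB" read as 65,536 bytes
NAME_RE = re.compile(r"[A-Za-z0-9_]+")


def name_problems(name):
    """Return the naming rules that `name` violates (empty list if valid)."""
    problems = []
    if not NAME_RE.fullmatch(name):
        problems.append("only [a-z], [A-Z], [0-9] and _ are allowed")
    if name.upper().startswith("GITHUB_"):  # assumption: case-insensitive check
        problems.append("must not start with the GITHUB_ prefix")
    if name[:1].isdigit():
        problems.append("must not start with a number")
    return problems


def validate_level(secrets):
    """Check one level's {name: value} mapping; return {name: [problems]}."""
    report, seen = {}, {}
    if len(secrets) > MAX_SECRETS_PER_LEVEL:
        report["*"] = [f"more than {MAX_SECRETS_PER_LEVEL} secrets at this level"]
    for name, value in secrets.items():
        problems = name_problems(name)
        key = name.upper()  # compare case-insensitively for uniqueness
        if key in seen:
            problems.append(f"duplicates {seen[key]} (names are not case-sensitive)")
        seen.setdefault(key, name)
        if len(value.encode("utf-8")) > MAX_SECRET_BYTES:
            problems.append("value exceeds 64 KB")
        if problems:
            report[name] = problems
    return report


def effective_sources(org, repo):
    """Map each name to the level that supplies it; the repository level wins."""
    merged = {name.upper(): "organization" for name in org}
    merged.update({name.upper(): "repository" for name in repo})
    return merged


# Constructed sample data with placeholder values, not real secrets.
ORG = {"NPM_TOKEN": "org-value", "DB_URL": "org-db"}
REPO = {"db_url": "repo-db", "Db_Url": "x", "GITHUB_KEY": "x", "2FA_SEED": "x", "api key": "x"}
if __name__ == "__main__":
    print(validate_level(REPO), effective_sources(ORG, REPO), sep="\n")
```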

Adding secrets for a repository

To create secrets for an organization repository, you must have administrator access.

  1. On GitHub, navigate to the main page of the repository.
  2. Under your repository name, click Settings.
  3. In the left sidebar, click Secrets.
  4. Scroll down the page and under Secrets, select Codespaces.
  5. At the top of the page, click New repository secret.
  6. Type a name for your secret in the Name input box.
  7. Enter the value for your secret.
  8. Click Add secret.

Adding secrets for an organization

When creating a secret in an organization, you can use a policy to limit which repositories can access that secret. For example, you can grant access to all repositories, or limit access to only private repositories or a specified list of repositories.

To create secrets at the organization level, you must have administrator access.

  1. On GitHub, navigate to the main page of the organization.
  2. Under your organization name, click Settings.
  3. In the left sidebar, click Secrets.
  4. Scroll down the page and under Secrets, select Codespaces.
  5. At the top of the page, click New organization secret.
  6. Type a name for your secret in the Name input box.
  7. Enter the Value for your secret.
  8. From the Repository access dropdown list, choose an access policy.
  9. Click Add secret.

Reviewing access to organization-level secrets

You can check which access policies are applied to a secret in your organization.

  1. On GitHub, navigate to the main page of the organization.
  2. Under your organization name, click Settings.
  3. In the left sidebar, click Secrets.
  4. The list of secrets includes any configured permissions and policies.
  5. For more details on the configured permissions for each secret, click Update.
