
Managing encrypted secrets for your repository and organization for GitHub Codespaces

Encrypted secrets allow you to store sensitive information in your organization, repository, or GitHub Codespaces.

Who can use this feature

To manage secrets for GitHub Codespaces for an organization, you must be an organization owner.

GitHub Codespaces is available for organizations using GitHub Team or GitHub Enterprise Cloud. GitHub Codespaces is also available as a limited beta release for individual users on GitHub Free and GitHub Pro plans. For more information, see "GitHub's products."

About secrets

Secrets are encrypted environment variables that you create in an organization or repository. The secrets that you create are available to use in GitHub Codespaces. GitHub uses a libsodium sealed box to encrypt secrets before they reach GitHub and only decrypts them when you use them in a codespace.

Organization-level secrets let you share secrets between multiple repositories, which reduces the need to create duplicate secrets. You can use access policies to control which repositories can use organization secrets.

Once you have created a secret, it will be available when you create a new codespace or restart the codespace. To use a secret that you've just created in a current codespace, you will need to stop the codespace and resume it. For information about stopping the codespace, see "Using the Visual Studio Code Command Palette in GitHub Codespaces."

Naming secrets

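The following rules apply to secret names:

  • Secret names can only contain alphanumeric characters ([a-z], [A-Z], [0-9]) or underscores (_). Spaces are not allowed.

  • Secret names must not start with the GITHUB_ prefix.

  • Secret names must not start with a number.

  • Secret names are not case-sensitive.

  • Secret names must be unique at the level they are created at. For example, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.

    If a secret with the same name exists at multiple levels, the secret at the lowest level takes precedence. For example, if an organization-level secret has the same name as a repository-level secret, the repository-level secret takes precedence.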

Limits for secrets

You can store up to 100 secrets per organization and 100 secrets per repository.

Secrets are limited to 64 KB in size.
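The naming rules, the precedence rule and the limits above can be checked before secrets are created, for example when auditing a planned set of names. The following is an added example, not GitHub's own code: the function names and the sample data are hypothetical, and it assumes that "64 KB" means 64 * 1024 bytes and that the GITHUB_ prefix is matched without regard to case.

```python
import re

# Limits and naming rules as stated on this page; all function names are hypothetical.
MAX_SECRETS_PER_LEVEL = 100
MAX_VALUE_BYTES = 64 * 1024  # assumption: "64 KB" read as 64 * 1024 bytes


def name_problems(name):
    """Return the naming rules that `name` violates (empty list = valid)."""
    problems = []
    if not re.fullmatch(r"[A-Za-z0-9_]+", name):
        problems.append("only alphanumeric characters or underscores, no spaces")
    if re.match(r"[0-9]", name):
        problems.append("must not start with a number")
    # Assumption: the prefix is compared case-insensitively, as names are.
    if name.upper().startswith("GITHUB_"):
        problems.append("must not start with the GITHUB_ prefix")
    return problems


def check_level(secrets):
    """Check one level (an organization or a repository): dict of name -> value."""
    errors, seen = [], {}
    if len(secrets) > MAX_SECRETS_PER_LEVEL:
        errors.append(f"{len(secrets)} secrets, limit is {MAX_SECRETS_PER_LEVEL}")
    for name, value in secrets.items():
        errors += [f"{name!r}: {p}" for p in name_problems(name)]
        if name.upper() in seen:  # names are not case-sensitive
            errors.append(f"{name!r}: duplicates {seen[name.upper()]!r}")
        seen.setdefault(name.upper(), name)
        if len(value.encode("utf-8")) > MAX_VALUE_BYTES:
            errors.append(f"{name!r}: value is larger than 64 KB")
    return errors


def effective_secrets(org, repo):
    """Merge both levels; on a name clash the repository-level secret wins."""
    merged = {n.upper(): ("organization", v) for n, v in org.items()}
    merged.update({n.upper(): ("repository", v) for n, v in repo.items()})
    return merged


# Constructed sample data, not real secrets.
ORG = {"NPM_TOKEN": "org-value", "DB_URL": "org-db"}
REPO = {"npm_token": "repo-value", "2FA_SEED": "x", "GITHUB_PAT": "y", "API KEY": "z"}

if __name__ == "__main__":
    print("\n".join(check_level(REPO)))
    for name, (level, _) in sorted(effective_secrets(ORG, REPO).items()):
        print(f"{name}: taken from the {level} level")
```

The script reports only names and levels, never values, so its output is safe to paste into a review ticket.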

Adding secrets for a repository

To create secrets for an organization repository, you must have administrator access.

  1. On GitHub.com, navigate to the main page of the repository.

  2. Under your repository name, click Settings.

  3. In the "Security" section of the sidebar, select Secrets, then click Codespaces.

  4. At the top of the page, click New repository secret.

  5. Type a name for your secret in the Name input box.

  6. Enter the value for your secret.

  7. Click Add secret.

Adding secrets for an organization

When creating a secret in an organization, you can use a policy to limit which repositories can access that secret. For example, you can grant access to all repositories, or limit access to only private repositories or a specified list of repositories.

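To create secrets at the organization level, you must have admin access.

  1. On GitHub.com, navigate to the main page of the organization.

  2. Under your organization name, click Settings.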

  3. In the "Security" section of the sidebar, select Secrets, then click Codespaces.

  4. At the top of the page, click New organization secret.

  5. Type a name for your secret in the Name input box.

  6. Enter the Value for your secret.

  7. From the Repository access dropdown list, choose an access policy.

  8. Click Add secret.

Reviewing access to organization-level secrets

You can check which access policies are applied to a secret in your organization.

  1. On GitHub.com, navigate to the main page of the organization.

  2. Under your organization name, click Settings.

  3. In the "Security" section of the sidebar, select Secrets, then click Codespaces.

  4. The list of secrets includes any configured permissions and policies.

  5. For more details on the configured permissions for each secret, click Update.

Further reading