Managing encrypted secrets for Codespaces

You can store sensitive information, like tokens, that you want to access in your codespaces via environment variables.

Codespaces is available for user accounts using GitHub Free or GitHub Pro. For more information, see "GitHub's products."

In this article

Note: Encrypted secrets for Codespaces is currently in beta and subject to change.

About encrypted secrets for Codespaces

You can add encrypted secrets to your user account that you want to use in your codespaces. For example, you may want to store and access the following sensitive information as encrypted secrets.

You can choose which repositories should have access to each secret. Then, you can use the secret in any codespace you create for a repository that has access to the secret.

Adding a secret

Note: Tokens starting with GITHUB_ are reserved

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the left sidebar, click Codespaces. Codespaces tab in the user settings sidebar
  3. To the right of "Codespaces secrets", click New secret. "New secret" button
  4. Under "Name", type a name for your secret. "Name" text box
  5. Under "Value", type the value of your secret. "Value" textbox
  6. Select the "Repository access" drop-down menu, then click a repository you want to have access to the secret. Repeat for every repository you want to have access to the secret. "Repository access" drop-down menu
  7. Click Add secret.

Editing a secret

You can update the value of an existing secret, and you can change which repositories can access a secret.

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the left sidebar, click Codespaces. Codespaces tab in the user settings sidebar
  3. Under "Codespaces secrets", to the right of the secret you want to edit, click Update. "Update" button
  4. Under "Value", click enter a new value. "enter a new value" link
  5. Under "Value", type the value of your secret. "Value" textbox
  6. Select the "Repository access" drop-down menu, then click a repository you want to have access to the secret. Repeat for every repository you want to have access to the secret. "Repository access" drop-down menu
  7. Optionally, to remove the secret's access to a repository, deselect the repository. Checkboxes to remove access to repositories
  8. Click Save changes.

Deleting a secret

  1. In the upper-right corner of any page, click your profile photo, then click Settings. Settings icon in the user bar
  2. In the left sidebar, click Codespaces. Codespaces tab in the user settings sidebar
  3. Under "Codespaces secrets", to the right of the secret you want to delete, click Delete. "Delete" button
  4. Read the warning, then click OK. Confirmation to delete secret

Allowing your codespace to access private images

A registry is a secure space for storing and managing private container images, such as Azure Container Registry or DockerHub. By adding a secret, your codespace can access private images within the registry.

When a codespace launches, Codespaces will check for the following three secrets, which define the server name, username, and personal access token (PAT) for the container registry. If those secrets are found, Codespaces will make the registry available inside your codespace.

  • <*>_CONTAINER_REGISTRY_SERVER
  • <*>_CONTAINER_REGISTRY_USER
  • <*>_CONTAINER_REGISTRY_PASSWORD

Use the steps in "Adding a secret" to add a secret for each of these items. Replace the “<*>” in the name with a consistent identifier. For example, if you had a private image registry in Azure, it might look like the following:

ACR_CONTAINER_REGISTRY_SERVER = mycompany.azurecr.io
ACR_CONTAINER_REGISTRY_USER = acr-user-here
ACR_CONTAINER_REGISTRY_PASSWORD = <PAT>

Image registry secret example

Did this doc help you?

Privacy policy

Help us make these docs great!

All GitHub docs are open source. See something that's wrong or unclear? Submit a pull request.

Make a contribution

Or, learn how to contribute.