Keep your secrets synced across multiple repositories with organization secrets

Secrets allow you to store sensitive information, such as access tokens, in your repository. Now, you can easily share, update, and automatically sync secrets with multiple repositories by creating them at the organization level. This increases security for your organization by reducing manual duplication of secrets, and reduces the likelihood of workflow failure due to an out-of-date secret.

Creating and sharing organization secrets

You can share organization secrets with the repositories you choose. This reduces duplication of secrets across repository settings, while allowing you to limit the exposure of the secret to just the repositories that require it.

You also have the option to share an organization secret with all repositories or all private repositories. When a new repository is added to the organization, it has access to any organization secret by default

Updating secrets

Organization admins can update the value of organization secrets, as well as manage which repositories have access to that secret. When the admin rotates the secret, that secret automatically syncs with repositories that have access to it, making it easy to manage secrets used by multiple repositories in one place.

We’ve updated repository secrets as well, and repository owners can now update their values, too.

Programmatically managing secrets through the GitHub Actions API

We’ve made organization secrets available for the GitHub Actions API, allowing partners to write integrations that automatically provision organization secrets.

Organization secrets can be shared with any public repository, and to private repositories within that organization that are part of a GitHub Team or Enterprise, or GitHub One plan.