Describe the bug
Secrets are a way to manage and use them in workflows when required.
When we tried to add secrets from the GitHub user interface (browser - webpage), they are accessible by any dependent workflows that use the newly created secrets.
As part of automation, I have delegated the responsibility of creating and updating secrets to actions/github-script.
Using github.rest.actions.createOrUpdateRepoSecret, we are adding secrets to GitHub.
When we tried to print it to the output (stdout) in some dummy GitHub action using a workaround, we see the original secret value (with some spaces).
But when we tried to consume it, it is not readable or recognized by external scripts.
To Reproduce
Steps to reproduce the behavior:
Repository to reproduce the issue : here
Create a new workflow file test_secret_access.yml with the following content
Add a secret with DUMMY_AWS_IAM_ROLE_ASSUME with a value, hello github
Run workflow test_secret_access.yml
Here aws-actions/configure-aws-credentials will be able to access secrets created manually.
Add create-secret.yml workflow with following contents
name: Create
on: [workflow_dispatch]
jobs:
  create-secret-test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/github-script@v6
        with:
          script: |
            const publicKey = await github.rest.actions.getRepoPublicKey({
              owner: context.repo.owner,
              repo: context.repo.repo,
            })
            // assuming you will be actual secret from some API
            // encrypt the value using instructions here https://docs.github.com/en/rest/actions/secrets#create-or-update-an-organization-secret
            const encryptedSecret = "dummy iam role with no access to zero resources"
            await github.rest.actions.createOrUpdateRepoSecret({
              owner: context.repo.owner,
              repo: context.repo.repo,
              secret_name: "DUMMY_AWS_IAM_ROLE_ASSUME",
              encrypted_value: encryptedSecret,
              key_id: publicKey.data.key_id,
            })
After running the above workflow, it will create a secret in the GitHub repo.
Now try to run test_secret_access.yml; it will throw an error stating that it is unable to identify or access role-to-assume.
Expected behavior
The secrets created using github.rest.actions.createOrUpdateRepoSecret should be accessible or readable to other GitHub workflows.
Desktop (please complete the following information):
OS: ubuntu 20.04
Browser: chrome
Version: 95.0.4638.69 (Official Build) (64-bit)
Additional context
This is not only happening with https://github.com/aws-actions/configure-aws-credentials.
This issue occurs for me when I try to create secrets using the GitHub secrets API.
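An added example, not part of the original issue or of any project named in it: GitHub's REST documentation, linked from the script comment above, specifies that `encrypted_value` is the secret sealed with libsodium against the repository public key and then base64-encoded. The hypothetical helper `checkEncryptedValue` below checks a value for that shape before it is passed to `createOrUpdateRepoSecret`; the sample key and ciphertext are constructed placeholder bytes, not real key material.

```javascript
// Pre-flight shape check for the `encrypted_value` parameter (added example).
// A libsodium sealed box is 48 bytes longer than its plaintext:
// a 32-byte ephemeral public key plus a 16-byte authentication tag.
const SEAL_OVERHEAD = 48;
const PUBLIC_KEY_BYTES = 32;

// Strict base64 decode. Buffer.from() silently skips invalid characters,
// so require canonical input and a clean round trip. Returns null on failure.
function strictBase64Decode(text) {
  if (typeof text !== "string" || text.length === 0 || text.length % 4 !== 0) return null;
  if (!/^[A-Za-z0-9+/]+={0,2}$/.test(text)) return null;
  const bytes = Buffer.from(text, "base64");
  return bytes.toString("base64") === text ? bytes : null;
}

// Hypothetical helper: returns { ok, reason } for a value about to be sent
// as `encrypted_value`, given the base64 key from getRepoPublicKey.
function checkEncryptedValue(encryptedValue, repoPublicKeyB64) {
  const key = strictBase64Decode(repoPublicKeyB64);
  if (!key || key.length !== PUBLIC_KEY_BYTES) {
    return { ok: false, reason: "public key is not 32 bytes of base64" };
  }
  const box = strictBase64Decode(encryptedValue);
  if (!box) return { ok: false, reason: "value is not canonical base64" };
  // A box of exactly 48 bytes would wrap an empty secret; reject that too.
  if (box.length <= SEAL_OVERHEAD) {
    return { ok: false, reason: "too short for a sealed box" };
  }
  return { ok: true, reason: "shape matches a base64 sealed box" };
}

// Constructed samples: placeholder bytes, not a real key or ciphertext.
const SAMPLE_KEY = Buffer.alloc(PUBLIC_KEY_BYTES, 0x11).toString("base64");
const SAMPLE_BOX = Buffer.alloc(SEAL_OVERHEAD + 12, 0xa5).toString("base64");
// The literal assigned to `encryptedSecret` in create-secret.yml above.
const PLAINTEXT = "dummy iam role with no access to zero resources";

console.log(checkEncryptedValue(PLAINTEXT, SAMPLE_KEY));
console.log(checkEncryptedValue(SAMPLE_BOX, SAMPLE_KEY));
```

A passing result only shows that the value has the expected encoding and minimum length; it cannot confirm that the value was sealed against the repository's current public key.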