Github API - Test Config

PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}
actions
repos

Creates or updates a repository secret with an encrypted value. Encrypt your secret using
LibSodium. You must authenticate using an access
token with the repo scope to use this endpoint. GitHub Apps must have the secrets repository permission to use
this endpoint.

Example encrypting a secret using Node.js

Encrypt your secret using the libsodium-wrappers library.

const sodium = require('libsodium-wrappers')
const secret = 'plain-text-secret' // replace with the secret you want to encrypt
const key = 'base64-encoded-public-key' // replace with the Base64 encoded public key

//Check if libsodium is ready and then proceed.
sodium.ready.then(() => {
  // Convert Secret & Base64 key to Uint8Array.
  let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)
  let binsec = sodium.from_string(secret)

  //Encrypt the secret using LibSodium
  let encBytes = sodium.crypto_box_seal(binsec, binkey)

  // Convert encrypted Uint8Array to Base64
  let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)

  console.log(output)
});

Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

from base64 import b64encode
from nacl import encoding, public

def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");
var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");

var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);

Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));

Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

require "rbnacl"
require "base64"

key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt("my_secret")

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret)

Create or update a repository secret

Arguments
key owner

owner [scalar]

The account owner of the repository. The name is not case sensitive.

API:
Github Open API
(version: 1.1.4)

key repo

repo [scalar]

The name of the repository. The name is not case sensitive.

API:
Github Open API
(version: 1.1.4)

key secret-name

secret-name [scalar]

The name of the secret.

API:
Github Open API
(version: 1.1.4)

Returns
201 application/json empty-object

empty-object [object]

An object without any properties.

API:
Github Open API
(version: 1.1.4)
API:
Github Open API
(version: 1.1.4)