Granting GitHub Repo Access to Organization Secrets

Learn how to update GitHub secrets settings when adding a new repository. Follow this guide to ensure your new repo has the necessary access.

Patrick Londa

Author

Feb 26, 2023

•

min read

Share this post

Secrets in GitHub allow environment variables to be shared and utilized at either the repository or organization level. If you are using organization-level secrets, you may need to update these secrets regularly to change which repositories have access.

In this guide, we’ll show how you can create or update organization-level secrets so they can be granted to the relevant repositories.

Setting a New Organization Secret in GitHub

When you create a new organization secret in GitHub, you can set a value and specify which repositories have access. You can do this using either the GitHub console or the GitHub CLI.

Using the Console:

Here are the steps for creating a new organization-level secret and extending access to certain repositories:

Log into your GitHub account and select the organization from the list of organizations.
Go to the organization’s home page and select Settings from the menu.
From there, select Secrets and variables in the Security section, then click Codespaces.
Click New organization secret, enter a name for your new secret, and paste in the content that you want it to contain.
Under Repository access, you can select All repositories, Private repositories or Selected repositories. This is where you can specify the exact repositories you expect will need access to this organization secret.

selecting repository access for a secret — *Source:* *GitHub documentation*

Click Add secret to save your new secret.

Using the GitHub CLI:

You can also do this same action with the GitHub CLI. You just need to run the following command:

gh secret set <name-of-secret>
--body <secret-value>
--repo <org/repo-name>

Replace the parameters above with your unique values. Here’s an example where the secret value is contained in the content of a file:

gh secret set BLINK_DEMO_SECRET
< blink-secret-value.json
--repo blinkops/demo-repository

This will generate a new secret with the name provided and assign it to the repository indicated. To check that your changes have been made, you can use the following command to view all secrets associated with the repository:

gh secret list --repo <org/repo-name>

If your new secret is in the list, then you’ve successfully created a new secret and assigned it to a specific repository. What if you already have the secret in your GitHub organization, and you just want to update it?

Blink Automation: Add Repo to Organization Secret in GitHub

Blink + GitHub

Try This Automation

Updating an Existing Organization Secret in GitHub

What if you already have the secret in your GitHub organization, and you just want to update it to extend access to a new repository? Here’s how you can make those updates.

Using the Console:

Here are the steps for updating a secret using the browser:

Log into your GitHub account and select the organization from the list of organizations.
Then go to the organization’s home page and select Settings from the menu.
From there, select Secrets and variables in the Security section, then click Codespaces.
You’ll see a list of your organization secrets and you can click the Update button to update which repositories should have access to this secret.

updating secret settings — *Source:* *GitHub documentation*

Save your changes.

Using the GitHub CLI:

To add a repository to an existing organization-level secret using the GitHub CLI, run the following command:

gh secret set <name-of-secret>  --org <org-name>   --repos <repo-name-1>, <repo-name-2>

Once you’ve run this, you can test that it has worked by running the same command from the section above:

gh secret list --repo <org/repo-name>

If the relevant secret is now included in the list for your new repository, then you have successfully made the update.

Managing Secrets in GitHub Easily with Blink

As we’ve just shown, it isn’t difficult to create a new secret in GitHub or update its repositories, but it does take context-switching and manual steps.

With Blink, you can simplify this task by using this pre-built automation from our no-code library.

Blink Automation: Add Repo to Organization Secret with GitHub and Send Results via Slack

When you input parameters like which repo needs access to which secret, this automation runs the following steps:

Adds the repository to receive access to the Organization Secret via the GitHub API.
Sends a confirmation message to a specified channel.

This is a simple automation, which makes it easy to customize. For example, you could drag-and-drop an approval step that asks via Slack whether this is appropriate.

You can also trigger automations so that whenever a new repository is created, you can run checks to ensure that branch protection rules and vulnerability scanning are enabled.

Get started with Blink and streamline and standardize your GitHub workflows today.

Expert Tip

How-To Guides

Ensure VMware Workspace ONE Compliance Using Okta

Learn how to validate VMware Workspace ONE installation compliance using Okta for effective device management and security in your organization.

Articles

What to Look for in a Security Automation Platform

Explore the evolution of security automation and discover the top features to look for in 2024 beyond legacy SOAR systems.

Articles

Avoid Vendor Lock-in with AI-Powered Security Automation

Discover how AI-powered security automation helps avoid vendor lock-in by standardizing and integrating data across various cybersecurity products.

Automate your security operations everywhere.

Blink is secure, decentralized, and cloud-native.  Get modern cloud and security operations today.

Get a Demo