Secrets are encrypted environment variables that you create in an organization, repository, or environment. These secrets are also available to use in GitHub Actions workflows.
GitHub uses the open-source libsodium encryption library to ensure that secrets are encrypted before reaching GitHub and remaining encrypted until you use them in a workflow.
For secrets stored at the organization-level, you can use access policies to control which repositories can use organization secrets. Organization-level secrets let you share secrets between multiple repositories, which reduces the need for creating duplicating secrets. Updating an organization secret in one location also ensures that the change takes effect in all repository workflows that use that secret.
For secrets stored at the environment level, you can enable required reviewers to control access to the secrets. A workflow job cannot access environment secrets until the required approvers approve.
In my examples, I have a DATABASE_URL secret specifically for my staging environment.
If you want to see, this live in an action. Check out this GitHub Universe talk from Chris Patterson (GitHub Action PM).
This is part of my 28 days of Actions series. To get notified of more GitHub Action tips, follow the GitHub organization right here on Dev. Learn how to build action with Node.js