Will a github token leak when running github actions

Time:12-01

I'm running a GitHub Actions workflow in a private repo, and it pushes changes to a public repo. I'm providing my GitHub token in the private repo for the GitHub Actions workflow. Will my token leak in my public repo's .git?

Can somebody clarify this? I don't have knowledge of security things :(

CodePudding user response:

The Automatic token authentication page uses a GITHUB_TOKEN secret, which should, as its name suggests, remain... a secret.

At the start of each workflow run, GitHub automatically creates a unique GITHUB_TOKEN secret to use in your workflow.
You can use the GITHUB_TOKEN to authenticate in a workflow run.

The GITHUB_TOKEN secret is a GitHub App installation access token.
You can use the installation access token to authenticate on behalf of the GitHub App installed on your repository.
The token's permissions are limited to the repository that contains your workflow.

So you should not need to use your own GitHub token, only the one generated by GitHub Action.
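
A check related to the question above, added here as an example and not part of the original question or answer: `git push` transfers commits and refs, while `.git/config` stays in the local clone, so what matters is whether a token string appears in the content being pushed. The function names, file contents and token value below are constructed for illustration, and the sketch assumes the workflow embeds the token in a remote URL.

```python
import re

# GitHub token prefixes: ghp_ (classic PAT), gho_/ghu_ (OAuth, user-to-server),
# ghs_ (installation token, the kind GITHUB_TOKEN is), ghr_ (refresh),
# github_pat_ (fine-grained PAT).
TOKEN_RE = re.compile(r"\b(?:gh[pousr]_[A-Za-z0-9]{36,}|github_pat_[A-Za-z0-9_]{22,})\b")
# Credentials embedded in a URL: https://user:secret@host/...
URL_CRED_RE = re.compile(r"https?://[^/\s:@]+:([^@\s/]+)@")


def find_tokens(text):
    """Return the token-like strings found in a piece of text."""
    hits = set(TOKEN_RE.findall(text))
    hits.update(URL_CRED_RE.findall(text))
    return sorted(hits)


def audit(files_to_push, local_git_config):
    """Separate findings in committed content from findings in local config.

    files_to_push: {path: content} for files that are part of the commits.
    local_git_config: text of .git/config, which git push does not transfer.
    """
    published = {}
    for path, body in files_to_push.items():
        hits = find_tokens(body)
        if hits:
            published[path] = hits
    return {"published": published, "local_only": find_tokens(local_git_config)}


if __name__ == "__main__":
    fake_token = "ghs_" + "A" * 36  # constructed value, not a real token
    config = (
        '[remote "origin"]\n'
        "\turl = https://x-access-token:" + fake_token
        + "@github.com/example-owner/example-repo.git\n"
    )
    files = {
        "README.md": "Generated by the workflow.\n",
        # A script that hard-codes the token would publish it with the commit.
        "deploy.sh": "git push https://x-access-token:" + fake_token
        + "@github.com/example-owner/example-repo.git\n",
    }
    report = audit(files, config)
    print("would be published:", report["published"])
    print("stays on the runner:", report["local_only"])
```
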
