Skip to main content

repo_secrets

Overview

Namerepo_secrets
TypeResource
Idgithub.dependabot.repo_secrets

Fields

NameDatatypeDescription
namestringThe name of the secret.
updated_atstring
created_atstring

Methods

NameAccessible byRequired ParamsDescription
get_repo_secretSELECTowner, repo, secret_nameGets a single repository secret without revealing its encrypted value. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.
list_repo_secretsSELECTowner, repoLists all secrets available in a repository without revealing their encrypted values. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.
create_or_update_repo_secretINSERTowner, repo, secret_nameCreates or updates a repository secret with an encrypted value. Encrypt your secret using
LibSodium. You must authenticate using an access
token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository
permission to use this endpoint.

#### Example encrypting a secret using Node.js

Encrypt your secret using the tweetsodium library.

<br />const sodium = require('tweetsodium');<br /><br />const key = "base64-encoded-public-key";<br />const value = "plain-text-secret";<br /><br />// Convert the message and key to Uint8Array's (Buffer implements that interface)<br />const messageBytes = Buffer.from(value);<br />const keyBytes = Buffer.from(key, 'base64');<br /><br />// Encrypt using LibSodium.<br />const encryptedBytes = sodium.seal(messageBytes, keyBytes);<br /><br />// Base64 the encrypted secret<br />const encrypted = Buffer.from(encryptedBytes).toString('base64');<br /><br />console.log(encrypted);<br />


#### Example encrypting a secret using Python

Encrypt your secret using pynacl with Python 3.

<br />from base64 import b64encode<br />from nacl import encoding, public<br /><br />def encrypt(public_key: str, secret_value: str) -&gt; str:<br /> """Encrypt a Unicode string using the public key."""<br /> public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())<br /> sealed_box = public.SealedBox(public_key)<br /> encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))<br /> return b64encode(encrypted).decode("utf-8")<br />

#### Example encrypting a secret using C#

Encrypt your secret using the Sodium.Core package.

<br />var secretValue = System.Text.Encoding.UTF8.GetBytes("mySecret");<br />var publicKey = Convert.FromBase64String("2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=");<br /><br />var sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);<br /><br />Console.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));<br />

#### Example encrypting a secret using Ruby

Encrypt your secret using the rbnacl gem.

ruby<br />require "rbnacl"<br />require "base64"<br /><br />key = Base64.decode64("+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=")<br />public_key = RbNaCl::PublicKey.new(key)<br /><br />box = RbNaCl::Boxes::Sealed.from_public_key(public_key)<br />encrypted_secret = box.encrypt("my_secret")<br /><br /># Print the base64 encoded secret<br />puts Base64.strict_encode64(encrypted_secret)<br />
delete_repo_secretDELETEowner, repo, secret_nameDeletes a secret in a repository using the secret name. You must authenticate using an access token with the repo scope to use this endpoint. GitHub Apps must have the dependabot_secrets repository permission to use this endpoint.