On Action Setup #87
Hi Team, Through the event, I got to know that I can use my cURL (let's say GET call) to fetch the data and on a continuous run I can use https://github.com/marketplace/actions/github-action-for-curl as an action. Now my question here is that while making the call I do pass Key and Access Token and the seek I'm looking here is that will my OAuth be seen by all? OR will it be decrypted so that none can use it further? I would like to know what security has been built so that none can check what token I am passing but the parameter can be seen. Please note I am not referring to any 3rd party app here such as Postman or another tool where I would be passing Bearer token or Auth Token. In CLI when I am doing an action method, how can the security be assured? Also, can I get the audit of my call/publish? Looking forward to hearing from you. Regards,
👋 @MahendraRao : For situations where tokens are being passed between workflow steps or through third-party actions, using Repo Secrets is a good way to securely pass them. For more info on Secrets, please check this page out.
For example, take a look at the Docker Login action where they ask users to provide Docker username and passwords via secrets.
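A workflow illustrating the answer above, as an added example that is not part of the original thread: the cURL GET call reads its key and token from Repo Secrets, so the URL and its query parameter stay visible in the run log while GitHub masks the secret values as `***`. The secret names, the `api.example.com` URL and the header names are placeholders assumed for illustration.

```yaml
# Added example, not from the thread. Secret names (API_KEY, API_TOKEN,
# DOCKERHUB_*), the URL and the header names are placeholders.
name: fetch-data
on:
  schedule:
    - cron: "0 * * * *"   # continuous run: once an hour
  workflow_dispatch:

permissions:
  contents: read          # least privilege for the built-in GITHUB_TOKEN

jobs:
  fetch:
    runs-on: ubuntu-latest
    steps:
      # Weak form, kept as a comment for contrast: a literal token in the
      # workflow file is readable by anyone who can read the repository.
      # - run: curl -H "Authorization: Bearer <token>" https://api.example.com/data

      - name: GET with credentials taken from Repo Secrets
        env:
          API_KEY: ${{ secrets.API_KEY }}
          API_TOKEN: ${{ secrets.API_TOKEN }}
        run: |
          # Headers reach curl as a config read from stdin (-K -), so the
          # token is never part of the curl command line.
          printf 'header = "Authorization: Bearer %s"\nheader = "X-Api-Key: %s"\n' \
            "$API_TOKEN" "$API_KEY" |
            curl --fail --silent --show-error -K - \
              "https://api.example.com/data?limit=10" -o data.json

      # Same pattern as the Docker Login action mentioned above:
      # credentials are supplied only through secrets.
      - name: Docker Login
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
```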