Hi!
one quick question. In the Secret tab from Workflow the option Expose for Pull Request is available.
I’ve been checking documentation but i can’t understand correctly which kind of exposition and risks could happen in that case. In the logs, secrets are [REDACTED]. Could you give an example about it or point me to somewhere i can get more info about it?
Thanks a lot in advance!
Hello,
It seems this was put in place primarily for open source projects. In fact, there was a time when there wasn’t an option to expose secrets for PRs!
Here is a blog that talks about this:
One thing to note:
Private apps: By default, Pull Requests submitted from a fork require approval if any Secrets are marked to be exposed for Pull Requests . The setting can be changed. If your secrets are NOT exposed to PRs, the build will run without asking for approval.
Hope this helps!
cathy
Thanks a lot for the reply!