Expose for pull requests

jesmrec · June 16, 2021, 4:35pm

Hi!

one quick question. In the Secret tab from Workflow the option Expose for Pull Request is available.

I’ve been checking documentation but i can’t understand correctly which kind of exposition and risks could happen in that case. In the logs, secrets are [REDACTED]. Could you give an example about it or point me to somewhere i can get more info about it?

Thanks a lot in advance!

cathy.harmon · June 16, 2021, 7:35pm

Hello,

It seems this was put in place primarily for open source projects. In fact, there was a time when there wasn’t an option to expose secrets for PRs!

Here is a blog that talks about this:

One thing to note:

Private apps: By default, Pull Requests submitted from a fork require approval if any Secrets are marked to be exposed for Pull Requests . The setting can be changed. If your secrets are NOT exposed to PRs, the build will run without asking for approval.

Hope this helps!
cathy

jesmrec · June 17, 2021, 7:29am

Thanks a lot for the reply!

system · July 17, 2021, 7:29am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Reveal secret vars only for non-fork Pull Requests Released	1	686	March 17, 2020
Bitrise_pull_request Question & Answer	2	668	June 7, 2021
Allowing developers to modify workflows without exposing secrets Question & Answer	3	1646	November 22, 2018
Public read-only workflow Builds	3	1274	June 27, 2017
Disable manual approval for public repositories Website	8	819	January 8, 2020

Expose for pull requests

Related Topics