Expose for pull requests

jesmrec · June 16, 2021, 4:35pm

Hi!

one quick question. In the Secret tab from Workflow the option Expose for Pull Request is available.

I’ve been checking documentation but i can’t understand correctly which kind of exposition and risks could happen in that case. In the logs, secrets are [REDACTED]. Could you give an example about it or point me to somewhere i can get more info about it?

Thanks a lot in advance!

cathy.harmon · June 16, 2021, 7:35pm

Hello,

It seems this was put in place primarily for open source projects. In fact, there was a time when there wasn’t an option to expose secrets for PRs!

Here is a blog that talks about this:

One thing to note:

Private apps: By default, Pull Requests submitted from a fork require approval if any Secrets are marked to be exposed for Pull Requests . The setting can be changed. If your secrets are NOT exposed to PRs, the build will run without asking for approval.

Hope this helps!
cathy

jesmrec · June 17, 2021, 7:29am

Thanks a lot for the reply!

system · July 17, 2021, 7:29am

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Workflow Editor v1.0.14 released Changelog	3	1318	September 22, 2017
Reveal secret vars only for non-fork Pull Requests Released	1	730	March 17, 2020
Secret Env Vars and (Generic) File Storage files: control whether it's available in Pull Request builds Released released	8	3378	October 9, 2017
Secret Env Vars and (Generic) File Storage files: control whether it’s available in Pull Request builds Changelog announcements	0	1193	September 22, 2017
How to use Secrets and Env in curl triggers Question & Answer	1	474	May 4, 2023

Expose for pull requests

Related Topics