Expose for pull requests


one quick question. In the Secret tab from Workflow the option Expose for Pull Request is available.

I’ve been checking documentation but i can’t understand correctly which kind of exposition and risks could happen in that case. In the logs, secrets are [REDACTED]. Could you give an example about it or point me to somewhere i can get more info about it?

Thanks a lot in advance!


It seems this was put in place primarily for open source projects. In fact, there was a time when there wasn’t an option to expose secrets for PRs!

Here is a blog that talks about this:

One thing to note:

Private apps: By default, Pull Requests submitted from a fork require approval if any Secrets are marked to be exposed for Pull Requests . The setting can be changed. If your secrets are NOT exposed to PRs, the build will run without asking for approval.

Hope this helps!

1 Like

Thanks a lot for the reply!

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.