.nh .TH "GH-SECRET-SET" "1" "Oct 2024" "GitHub CLI 2.58.0" "GitHub CLI manual" .SH NAME gh-secret-set - Create or update secrets .SH SYNOPSIS \fBgh secret set [flags]\fR .SH DESCRIPTION Set a value for a secret on one of the following levels: - repository (default): available to GitHub Actions runs or Dependabot in a repository - environment: available to GitHub Actions runs for a deployment environment in a repository - organization: available to GitHub Actions runs, Dependabot, or Codespaces within an organization - user: available to Codespaces for your user .PP Organization and user secrets can optionally be restricted to only be available to specific repositories. .PP Secret values are locally encrypted before being sent to GitHub. .SH OPTIONS .TP \fB-a\fR, \fB--app\fR \fB\fR Set the application for a secret: {actions|codespaces|dependabot} .TP \fB-b\fR, \fB--body\fR \fB\fR The value for the secret (reads from standard input if not specified) .TP \fB-e\fR, \fB--env\fR \fB\fR Set deployment environment secret .TP \fB-f\fR, \fB--env-file\fR \fB\fR Load secret names and values from a dotenv-formatted file .TP \fB--no-store\fR Print the encrypted, base64-encoded value instead of storing it on GitHub .TP \fB-o\fR, \fB--org\fR \fB\fR Set organization secret .TP \fB-r\fR, \fB--repos\fR \fB\fR List of repositories that can access an organization or user secret .TP \fB-u\fR, \fB--user\fR Set a secret for your user .TP \fB-v\fR, \fB--visibility\fR \fB (default "private")\fR Set visibility for an organization secret: {all|private|selected} .SH OPTIONS INHERITED FROM PARENT COMMANDS .TP \fB-R\fR, \fB--repo\fR \fB<[HOST/]OWNER/REPO>\fR Select another repository using the [HOST/]OWNER/REPO format .SH EXIT CODES 0: Successful execution .PP 1: Error .PP 2: Command canceled .PP 4: Authentication required .PP NOTE: Specific commands may have additional exit codes. Refer to the command's help for more information. .SH EXAMPLE .EX # Paste secret value for the current repository in an interactive prompt $ gh secret set MYSECRET # Read secret value from an environment variable $ gh secret set MYSECRET --body "$ENV_VALUE" # Read secret value from a file $ gh secret set MYSECRET < myfile.txt # Set secret for a deployment environment in the current repository $ gh secret set MYSECRET --env myenvironment # Set organization-level secret visible to both public and private repositories $ gh secret set MYSECRET --org myOrg --visibility all # Set organization-level secret visible to specific repositories $ gh secret set MYSECRET --org myOrg --repos repo1,repo2,repo3 # Set user-level secret for Codespaces $ gh secret set MYSECRET --user # Set repository-level secret for Dependabot $ gh secret set MYSECRET --app dependabot # Set multiple secrets imported from the ".env" file $ gh secret set -f .env # Set multiple secrets from stdin $ gh secret set -f - < myfile.txt .EE .SH SEE ALSO \fBgh-secret(1)\fR