Viewing docs for GitHub v6.13.1
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
Viewing docs for GitHub v6.13.1
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
This resource allows you to create and manage GitHub Actions secrets within your GitHub organization. You must have write access to a repository to use this resource.
Secret values are encrypted using the Go ‘/crypto/box’ module which is interoperable with libsodium. Libsodium is used by GitHub to decrypt secret values.
For the purposes of security, the contents of the value field have been marked as sensitive to Terraform,
but it is important to note that this does not hide it from state files. You should treat state as sensitive always.
It is also advised that you do not store plaintext values in your code but rather populate the valueEncrypted
using fields from a resource, data source or variable as, while encrypted in state, these will be easily accessible
in your code. See below for an example of this abstraction.
Example Usage
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
const examplePlaintext = new github.ActionsOrganizationSecret("example_plaintext", {
secretName: "example_secret_name",
visibility: "all",
value: someSecretString,
});
const exampleEncrypted = new github.ActionsOrganizationSecret("example_encrypted", {
secretName: "example_secret_name",
visibility: "all",
valueEncrypted: someEncryptedSecretString,
});
import pulumi
import pulumi_github as github
example_plaintext = github.ActionsOrganizationSecret("example_plaintext",
secret_name="example_secret_name",
visibility="all",
value=some_secret_string)
example_encrypted = github.ActionsOrganizationSecret("example_encrypted",
secret_name="example_secret_name",
visibility="all",
value_encrypted=some_encrypted_secret_string)
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := github.NewActionsOrganizationSecret(ctx, "example_plaintext", &github.ActionsOrganizationSecretArgs{
SecretName: pulumi.String("example_secret_name"),
Visibility: pulumi.String("all"),
Value: pulumi.Any(someSecretString),
})
if err != nil {
return err
}
_, err = github.NewActionsOrganizationSecret(ctx, "example_encrypted", &github.ActionsOrganizationSecretArgs{
SecretName: pulumi.String("example_secret_name"),
Visibility: pulumi.String("all"),
ValueEncrypted: pulumi.Any(someEncryptedSecretString),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
var examplePlaintext = new Github.Index.ActionsOrganizationSecret("example_plaintext", new()
{
SecretName = "example_secret_name",
Visibility = "all",
Value = someSecretString,
});
var exampleEncrypted = new Github.Index.ActionsOrganizationSecret("example_encrypted", new()
{
SecretName = "example_secret_name",
Visibility = "all",
ValueEncrypted = someEncryptedSecretString,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.ActionsOrganizationSecret;
import com.pulumi.github.ActionsOrganizationSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var examplePlaintext = new ActionsOrganizationSecret("examplePlaintext", ActionsOrganizationSecretArgs.builder()
.secretName("example_secret_name")
.visibility("all")
.value(someSecretString)
.build());
var exampleEncrypted = new ActionsOrganizationSecret("exampleEncrypted", ActionsOrganizationSecretArgs.builder()
.secretName("example_secret_name")
.visibility("all")
.valueEncrypted(someEncryptedSecretString)
.build());
}
}
resources:
examplePlaintext:
type: github:ActionsOrganizationSecret
name: example_plaintext
properties:
secretName: example_secret_name
visibility: all
value: ${someSecretString}
exampleEncrypted:
type: github:ActionsOrganizationSecret
name: example_encrypted
properties:
secretName: example_secret_name
visibility: all
valueEncrypted: ${someEncryptedSecretString}
Example coming soon!
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
const repo = github.getRepository({
fullName: "my-org/repo",
});
const exampleEncrypted = new github.ActionsOrganizationSecret("example_encrypted", {
secretName: "example_secret_name",
visibility: "selected",
value: someSecretString,
selectedRepositoryIds: [repo.then(repo => repo.repoId)],
});
const exampleSecret = new github.ActionsOrganizationSecret("example_secret", {
secretName: "example_secret_name",
visibility: "selected",
valueEncrypted: someEncryptedSecretString,
selectedRepositoryIds: [repo.then(repo => repo.repoId)],
});
import pulumi
import pulumi_github as github
repo = github.get_repository(full_name="my-org/repo")
example_encrypted = github.ActionsOrganizationSecret("example_encrypted",
secret_name="example_secret_name",
visibility="selected",
value=some_secret_string,
selected_repository_ids=[repo.repo_id])
example_secret = github.ActionsOrganizationSecret("example_secret",
secret_name="example_secret_name",
visibility="selected",
value_encrypted=some_encrypted_secret_string,
selected_repository_ids=[repo.repo_id])
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
repo, err := github.GetRepository(ctx, &github.LookupRepositoryArgs{
FullName: pulumi.StringRef("my-org/repo"),
}, nil)
if err != nil {
return err
}
_, err = github.NewActionsOrganizationSecret(ctx, "example_encrypted", &github.ActionsOrganizationSecretArgs{
SecretName: pulumi.String("example_secret_name"),
Visibility: pulumi.String("selected"),
Value: pulumi.Any(someSecretString),
SelectedRepositoryIds: pulumi.IntArray{
pulumi.Int(pulumi.Int(repo.RepoId)),
},
})
if err != nil {
return err
}
_, err = github.NewActionsOrganizationSecret(ctx, "example_secret", &github.ActionsOrganizationSecretArgs{
SecretName: pulumi.String("example_secret_name"),
Visibility: pulumi.String("selected"),
ValueEncrypted: pulumi.Any(someEncryptedSecretString),
SelectedRepositoryIds: pulumi.IntArray{
pulumi.Int(pulumi.Int(repo.RepoId)),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
var repo = Github.Index.GetRepository.Invoke(new()
{
FullName = "my-org/repo",
});
var exampleEncrypted = new Github.Index.ActionsOrganizationSecret("example_encrypted", new()
{
SecretName = "example_secret_name",
Visibility = "selected",
Value = someSecretString,
SelectedRepositoryIds = new[]
{
repo.Apply(getRepositoryResult => getRepositoryResult.RepoId),
},
});
var exampleSecret = new Github.Index.ActionsOrganizationSecret("example_secret", new()
{
SecretName = "example_secret_name",
Visibility = "selected",
ValueEncrypted = someEncryptedSecretString,
SelectedRepositoryIds = new[]
{
repo.Apply(getRepositoryResult => getRepositoryResult.RepoId),
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.GithubFunctions;
import com.pulumi.github.inputs.GetRepositoryArgs;
import com.pulumi.github.ActionsOrganizationSecret;
import com.pulumi.github.ActionsOrganizationSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var repo = GithubFunctions.getRepository(GetRepositoryArgs.builder()
.fullName("my-org/repo")
.build());
var exampleEncrypted = new ActionsOrganizationSecret("exampleEncrypted", ActionsOrganizationSecretArgs.builder()
.secretName("example_secret_name")
.visibility("selected")
.value(someSecretString)
.selectedRepositoryIds(repo.repoId())
.build());
var exampleSecret = new ActionsOrganizationSecret("exampleSecret", ActionsOrganizationSecretArgs.builder()
.secretName("example_secret_name")
.visibility("selected")
.valueEncrypted(someEncryptedSecretString)
.selectedRepositoryIds(repo.repoId())
.build());
}
}
resources:
exampleEncrypted:
type: github:ActionsOrganizationSecret
name: example_encrypted
properties:
secretName: example_secret_name
visibility: selected
value: ${someSecretString}
selectedRepositoryIds:
- ${repo.repoId}
exampleSecret:
type: github:ActionsOrganizationSecret
name: example_secret
properties:
secretName: example_secret_name
visibility: selected
valueEncrypted: ${someEncryptedSecretString}
selectedRepositoryIds:
- ${repo.repoId}
variables:
repo:
fn::invoke:
function: github:getRepository
arguments:
fullName: my-org/repo
Example coming soon!
Example Lifecycle Ignore Changes
This resource supports using the lifecycle ignoreChanges block on remoteUpdatedAt to support use cases where a secret value is created using a placeholder value and then modified after creation outside the scope of Terraform. This approach ensures only the initial placeholder value is referenced in your code and in the resulting state file.
import * as pulumi from "@pulumi/pulumi";
import * as github from "@pulumi/github";
const exampleAllowDrift = new github.ActionsOrganizationSecret("example_allow_drift", {
secretName: "example_secret_name",
visibility: "all",
value: "placeholder",
});
import pulumi
import pulumi_github as github
example_allow_drift = github.ActionsOrganizationSecret("example_allow_drift",
secret_name="example_secret_name",
visibility="all",
value="placeholder")
package main
import (
"github.com/pulumi/pulumi-github/sdk/v6/go/github"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := github.NewActionsOrganizationSecret(ctx, "example_allow_drift", &github.ActionsOrganizationSecretArgs{
SecretName: pulumi.String("example_secret_name"),
Visibility: pulumi.String("all"),
Value: pulumi.String("placeholder"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Github = Pulumi.Github;
return await Deployment.RunAsync(() =>
{
var exampleAllowDrift = new Github.Index.ActionsOrganizationSecret("example_allow_drift", new()
{
SecretName = "example_secret_name",
Visibility = "all",
Value = "placeholder",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.github.ActionsOrganizationSecret;
import com.pulumi.github.ActionsOrganizationSecretArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleAllowDrift = new ActionsOrganizationSecret("exampleAllowDrift", ActionsOrganizationSecretArgs.builder()
.secretName("example_secret_name")
.visibility("all")
.value("placeholder")
.build());
}
}
resources:
exampleAllowDrift:
type: github:ActionsOrganizationSecret
name: example_allow_drift
properties:
secretName: example_secret_name
visibility: all
value: placeholder
Example coming soon!
Create ActionsOrganizationSecret Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ActionsOrganizationSecret(name: string, args: ActionsOrganizationSecretArgs, opts?: CustomResourceOptions);@overload
def ActionsOrganizationSecret(resource_name: str,
args: ActionsOrganizationSecretArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ActionsOrganizationSecret(resource_name: str,
opts: Optional[ResourceOptions] = None,
secret_name: Optional[str] = None,
visibility: Optional[str] = None,
destroy_on_drift: Optional[bool] = None,
encrypted_value: Optional[str] = None,
key_id: Optional[str] = None,
plaintext_value: Optional[str] = None,
selected_repository_ids: Optional[Sequence[int]] = None,
value: Optional[str] = None,
value_encrypted: Optional[str] = None)func NewActionsOrganizationSecret(ctx *Context, name string, args ActionsOrganizationSecretArgs, opts ...ResourceOption) (*ActionsOrganizationSecret, error)public ActionsOrganizationSecret(string name, ActionsOrganizationSecretArgs args, CustomResourceOptions? opts = null)
public ActionsOrganizationSecret(String name, ActionsOrganizationSecretArgs args)
public ActionsOrganizationSecret(String name, ActionsOrganizationSecretArgs args, CustomResourceOptions options)
type: github:ActionsOrganizationSecret
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
resource "github_actionsorganizationsecret" "name" {
# resource properties
}Parameters
- name string
- The unique name of the resource.
- args ActionsOrganizationSecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ActionsOrganizationSecretArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ActionsOrganizationSecretArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ActionsOrganizationSecretArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ActionsOrganizationSecretArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var actionsOrganizationSecretResource = new Github.ActionsOrganizationSecret("actionsOrganizationSecretResource", new()
{
SecretName = "string",
Visibility = "string",
KeyId = "string",
Value = "string",
ValueEncrypted = "string",
});
example, err := github.NewActionsOrganizationSecret(ctx, "actionsOrganizationSecretResource", &github.ActionsOrganizationSecretArgs{
SecretName: pulumi.String("string"),
Visibility: pulumi.String("string"),
KeyId: pulumi.String("string"),
Value: pulumi.String("string"),
ValueEncrypted: pulumi.String("string"),
})
resource "github_actionsorganizationsecret" "actionsOrganizationSecretResource" {
secret_name = "string"
visibility = "string"
key_id = "string"
value = "string"
value_encrypted = "string"
}
var actionsOrganizationSecretResource = new ActionsOrganizationSecret("actionsOrganizationSecretResource", ActionsOrganizationSecretArgs.builder()
.secretName("string")
.visibility("string")
.keyId("string")
.value("string")
.valueEncrypted("string")
.build());
actions_organization_secret_resource = github.ActionsOrganizationSecret("actionsOrganizationSecretResource",
secret_name="string",
visibility="string",
key_id="string",
value="string",
value_encrypted="string")
const actionsOrganizationSecretResource = new github.ActionsOrganizationSecret("actionsOrganizationSecretResource", {
secretName: "string",
visibility: "string",
keyId: "string",
value: "string",
valueEncrypted: "string",
});
type: github:ActionsOrganizationSecret
properties:
keyId: string
secretName: string
value: string
valueEncrypted: string
visibility: string
ActionsOrganizationSecret Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ActionsOrganizationSecret resource accepts the following input properties:
- Secret
Name string - Name of the secret.
- Visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - Destroy
On boolDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- Encrypted
Value string - (Optional) Please use
valueEncrypted. - Key
Id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - Plaintext
Value string - (Optional) Please use
value. - Selected
Repository List<int>Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - Value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - Value
Encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
- Secret
Name string - Name of the secret.
- Visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - Destroy
On boolDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- Encrypted
Value string - (Optional) Please use
valueEncrypted. - Key
Id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - Plaintext
Value string - (Optional) Please use
value. - Selected
Repository []intIds - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - Value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - Value
Encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
- secret_
name string - Name of the secret.
- visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - destroy_
on_ booldrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted_
value string - (Optional) Please use
valueEncrypted. - key_
id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext_
value string - (Optional) Please use
value. - selected_
repository_ list(number)ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value_
encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
- secret
Name String - Name of the secret.
- visibility String
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - destroy
On BooleanDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted
Value String - (Optional) Please use
valueEncrypted. - key
Id String - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext
Value String - (Optional) Please use
value. - selected
Repository List<Integer>Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - value String
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value
Encrypted String - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
- secret
Name string - Name of the secret.
- visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - destroy
On booleanDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted
Value string - (Optional) Please use
valueEncrypted. - key
Id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext
Value string - (Optional) Please use
value. - selected
Repository number[]Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value
Encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
- secret_
name str - Name of the secret.
- visibility str
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - destroy_
on_ booldrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted_
value str - (Optional) Please use
valueEncrypted. - key_
id str - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext_
value str - (Optional) Please use
value. - selected_
repository_ Sequence[int]ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - value str
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value_
encrypted str - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
- secret
Name String - Name of the secret.
- visibility String
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected. - destroy
On BooleanDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted
Value String - (Optional) Please use
valueEncrypted. - key
Id String - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext
Value String - (Optional) Please use
value. - selected
Repository List<Number>Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - value String
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value
Encrypted String - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue.
Outputs
All input properties are implicitly available as output properties. Additionally, the ActionsOrganizationSecret resource produces the following output properties:
- Created
At string - Date the secret was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Remote
Updated stringAt - Date the secret was last updated in GitHub.
- Updated
At string - Date the secret was last updated by the provider.
- Created
At string - Date the secret was created.
- Id string
- The provider-assigned unique ID for this managed resource.
- Remote
Updated stringAt - Date the secret was last updated in GitHub.
- Updated
At string - Date the secret was last updated by the provider.
- created_
at string - Date the secret was created.
- id string
- The provider-assigned unique ID for this managed resource.
- remote_
updated_ stringat - Date the secret was last updated in GitHub.
- updated_
at string - Date the secret was last updated by the provider.
- created
At String - Date the secret was created.
- id String
- The provider-assigned unique ID for this managed resource.
- remote
Updated StringAt - Date the secret was last updated in GitHub.
- updated
At String - Date the secret was last updated by the provider.
- created
At string - Date the secret was created.
- id string
- The provider-assigned unique ID for this managed resource.
- remote
Updated stringAt - Date the secret was last updated in GitHub.
- updated
At string - Date the secret was last updated by the provider.
- created_
at str - Date the secret was created.
- id str
- The provider-assigned unique ID for this managed resource.
- remote_
updated_ strat - Date the secret was last updated in GitHub.
- updated_
at str - Date the secret was last updated by the provider.
- created
At String - Date the secret was created.
- id String
- The provider-assigned unique ID for this managed resource.
- remote
Updated StringAt - Date the secret was last updated in GitHub.
- updated
At String - Date the secret was last updated by the provider.
Look up Existing ActionsOrganizationSecret Resource
Get an existing ActionsOrganizationSecret resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ActionsOrganizationSecretState, opts?: CustomResourceOptions): ActionsOrganizationSecret@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
created_at: Optional[str] = None,
destroy_on_drift: Optional[bool] = None,
encrypted_value: Optional[str] = None,
key_id: Optional[str] = None,
plaintext_value: Optional[str] = None,
remote_updated_at: Optional[str] = None,
secret_name: Optional[str] = None,
selected_repository_ids: Optional[Sequence[int]] = None,
updated_at: Optional[str] = None,
value: Optional[str] = None,
value_encrypted: Optional[str] = None,
visibility: Optional[str] = None) -> ActionsOrganizationSecretfunc GetActionsOrganizationSecret(ctx *Context, name string, id IDInput, state *ActionsOrganizationSecretState, opts ...ResourceOption) (*ActionsOrganizationSecret, error)public static ActionsOrganizationSecret Get(string name, Input<string> id, ActionsOrganizationSecretState? state, CustomResourceOptions? opts = null)public static ActionsOrganizationSecret get(String name, Output<String> id, ActionsOrganizationSecretState state, CustomResourceOptions options)resources: _: type: github:ActionsOrganizationSecret get: id: ${id}import {
to = github_actionsorganizationsecret.example
id = "${id}"
}
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Created
At string - Date the secret was created.
- Destroy
On boolDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- Encrypted
Value string - (Optional) Please use
valueEncrypted. - Key
Id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - Plaintext
Value string - (Optional) Please use
value. - Remote
Updated stringAt - Date the secret was last updated in GitHub.
- Secret
Name string - Name of the secret.
- Selected
Repository List<int>Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - Updated
At string - Date the secret was last updated by the provider.
- Value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - Value
Encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - Visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
- Created
At string - Date the secret was created.
- Destroy
On boolDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- Encrypted
Value string - (Optional) Please use
valueEncrypted. - Key
Id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - Plaintext
Value string - (Optional) Please use
value. - Remote
Updated stringAt - Date the secret was last updated in GitHub.
- Secret
Name string - Name of the secret.
- Selected
Repository []intIds - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - Updated
At string - Date the secret was last updated by the provider.
- Value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - Value
Encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - Visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
- created_
at string - Date the secret was created.
- destroy_
on_ booldrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted_
value string - (Optional) Please use
valueEncrypted. - key_
id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext_
value string - (Optional) Please use
value. - remote_
updated_ stringat - Date the secret was last updated in GitHub.
- secret_
name string - Name of the secret.
- selected_
repository_ list(number)ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - updated_
at string - Date the secret was last updated by the provider.
- value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value_
encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
- created
At String - Date the secret was created.
- destroy
On BooleanDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted
Value String - (Optional) Please use
valueEncrypted. - key
Id String - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext
Value String - (Optional) Please use
value. - remote
Updated StringAt - Date the secret was last updated in GitHub.
- secret
Name String - Name of the secret.
- selected
Repository List<Integer>Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - updated
At String - Date the secret was last updated by the provider.
- value String
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value
Encrypted String - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - visibility String
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
- created
At string - Date the secret was created.
- destroy
On booleanDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted
Value string - (Optional) Please use
valueEncrypted. - key
Id string - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext
Value string - (Optional) Please use
value. - remote
Updated stringAt - Date the secret was last updated in GitHub.
- secret
Name string - Name of the secret.
- selected
Repository number[]Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - updated
At string - Date the secret was last updated by the provider.
- value string
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value
Encrypted string - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - visibility string
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
- created_
at str - Date the secret was created.
- destroy_
on_ booldrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted_
value str - (Optional) Please use
valueEncrypted. - key_
id str - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext_
value str - (Optional) Please use
value. - remote_
updated_ strat - Date the secret was last updated in GitHub.
- secret_
name str - Name of the secret.
- selected_
repository_ Sequence[int]ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - updated_
at str - Date the secret was last updated by the provider.
- value str
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value_
encrypted str - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - visibility str
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
- created
At String - Date the secret was created.
- destroy
On BooleanDrift (Optional) This is ignored as drift detection is built into the resource.
Note: One of either
value,valueEncrypted,encryptedValue, orplaintextValuemust be specified.- encrypted
Value String - (Optional) Please use
valueEncrypted. - key
Id String - ID of the public key used to encrypt the secret, required when setting
encryptedValue. - plaintext
Value String - (Optional) Please use
value. - remote
Updated StringAt - Date the secret was last updated in GitHub.
- secret
Name String - Name of the secret.
- selected
Repository List<Number>Ids - An array of repository IDs that can access the organization variable; this requires
visibilityto be set toselected. - updated
At String - Date the secret was last updated by the provider.
- value String
- Plaintext value of the secret to be encrypted. This conflicts with
valueEncrypted,encryptedValue&plaintextValue. - value
Encrypted String - Encrypted value of the secret using the GitHub public key in Base64 format,
keyIdis required with this value. This conflicts withvalue,encryptedValue&plaintextValue. - visibility String
- Configures the access that repositories have to the organization secret; must be one of
all,private, orselected.
Import
This resource can be imported using the secret name as the ID.
Note: When importing secrets, the
value,valueEncrypted,encryptedValue, orplaintextValuefields will not be populated in the state. You may need to ignore changes for these as a workaround if you’re not planning on updating the secret through Terraform.
Import Command
The following command imports a GitHub actions organization secret named mysecret to a github.ActionsOrganizationSecret resource named example.
$ pulumi import github:index/actionsOrganizationSecret:ActionsOrganizationSecret example mysecret
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- GitHub pulumi/pulumi-github
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
githubTerraform Provider.
Viewing docs for GitHub v6.13.1
published on Wednesday, Apr 29, 2026 by Pulumi
published on Wednesday, Apr 29, 2026 by Pulumi
