You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I don't think it's right for us currently. Reasoning:
Access to secrets means access to all secrets in a repo. e.g. could include deployment tokens etc. There is no way for an app to only get access to some secrets or only its own secrets somehow.
Permissions for GitHub Apps are not optional like for iOS apps. i.e. we can't say to users "grant us access to secrets if you want to use them but decline if you don't want". If they can't grant us access to all secrets then they can't install the app.
Closed! Left here in case anyone searches for it in future. We can reconsider if there's a day when GitHub supports (a) optional permissions and/or (b) scoped secrets (e.g. to an app)
I think it's good to document any decision whether to use GitHub's secrets API or not.
secrets
The text was updated successfully, but these errors were encountered: