Skip to content

GitHub CLI extension to create and generate a report of variables or secrets name and access.


Notifications You must be signed in to change notification settings


Folders and files

Last commit message
Last commit date

Latest commit



11 Commits

Repository files navigation


A GitHub gh CLI extension to list and create Secrets and Variables defined at an Organization level and/or Repository level.


  1. Install the gh CLI - see the installation instructions.

  2. Install the extension:

    gh extension install katiem0/gh-seva

For more information: gh extension install.


This extension supports listing and creating secrets and variables between and GitHub Enterprise Server, through the use of --hostname and --source-hostname.

If you are listing or creating org level secrets or variables, you'll need to ensure you have logged in with the admin:org scope. To do so, run the following command:

gh auth login -s admin:org
$ gh seva -h
Export and Create secrets and variables for an organization and/or repositories.

  seva [command]

Available Commands:
  secrets     Export and Create secrets for an organization and/or repositories.
  variables   Export and Create variables for an organization and/or repositories.

      --help   Show help for command

Use "seva [command] --help" for more information about a command.


The gh seva secrets command comprises of two subcommands, export and create, to access and create Organization level and repository level secrets.

$ gh seva secrets -h
Export and Create Actions, Dependabot, and Codespaces secrets for an organization and/or repositories.

  seva secrets [command]

Available Commands:
  create      Create Actions, Dependabot, and/or Codespaces secrets from a file.
  export      Generate a report of Actions, Dependabot, and Codespaces secrets for an organization and/or repositories.

      --help   Show help for command

Use "seva secrets [command] --help" for more information about a command.

Create Secrets

The gh seva secrets create command will create secrets from a csv file that contains the following information:

  • SecretLevel: If the secret was created at the organization or repository level
  • SecretType: If the secret was created for Actions, Dependabot or Codespaces
  • SecretName: The name of the secret
  • SecretValue: The value of the secret that will be encrypted using the associated public key
  • SecretAccess: If an organization level secret, the visibility of the secret (i.e. all, private, or scoped)
  • RepositoryNames: The name of the repositories that the secret can be accessed from (delimited with ;)
  • RepositoryIDs: The id of the repositories that the secret can be accessed from (delimited with ;)

This extension supports and GHES, through the use of --hostname and --token.

$ gh seva secrets create -h
Create Actions, Dependabot, and/or Codespaces secrets for an organization and/or repositories from a file.

  seva secrets create <organization> [flags]

  -d, --debug              To debug logging
  -f, --from-file string   Path and Name of CSV file to create webhooks from (required)
      --hostname string    GitHub Enterprise Server hostname (default "")
  -t, --token string       GitHub personal access token for organization to write to (default "gh auth token")

Global Flags:
      --help   Show help for command

Export Secrets

The gh seva secrets export command exports secrets for the specified <organization> or [repo ..] list. If <organization> is selected, both organization level and repository level secrets will be exported. The report will contain secrets produces a csv report with the following:

  • SecretLevel: If the secret was created at the organization or repository level
  • SecretType: If the secret was created for Actions, Dependabot or Codespaces
  • SecretName: The name of the secret
  • SecretValue: This field will be blank, we cannot export secret values.
  • SecretAccess: If an organization level secret, this is the visibility of the secret (i.e. all, private, or scoped)
  • RepositoryNames: The name of the repositories that the secret can be accessed from (delimited with ;)
  • RepositoryIDs: The id of the repositories that the secret can be accessed from (delimited with ;)

This extension supports and GHES, through the use of --hostname and --token.

$ gh seva secrets export -h
Generate a report of Actions, Dependabot, and Codespaces secrets for an organization and/or repositories.

  seva secrets export [flags] <organization> [repo ...] 

  -a, --app string           List secrets for a specific application or all: {all|actions|codespaces|dependabot} (default "all")
  -d, --debug                To debug logging
      --hostname string      GitHub Enterprise Server hostname (default "")
  -o, --output-file string   Name of file to write CSV report (default "report-20230505162601.csv")
  -t, --token string         GitHub Personal Access Token (default "gh auth token")

Global Flags:
      --help   Show help for command


Organization level Actions variables can be created and exported, relying on the csv file syntax:

  • VariableLevel: If the variable was created at the organization or repository level
  • VariableName: The name of the Actions variable
  • VariableValue: The value of the Actions variable
  • VariableAccess: If an organization level variable, this is the visibility of the variable (i.e. all, private, or scoped)
  • RepositoryNames: The name of the repositories that the variable can be accessed from (delimited with ;)
  • RepositoryIDs: The id of the repositories that the variable can be accessed from (delimited with ;)
$ gh seva variables -h
Export and Create Actions variables for an organization and/or repositories.

  seva variables [command]

Available Commands:
  create      Create Organization Actions variables.
  export      Generate a report of Actions variables for an organization and/or repositories.

      --help   Show help for command

Use "seva variables [command] --help" for more information about a command.

Create Variables

Organization level variables can be created from a csv file using --from-file following the format outlined in gh seva variables.

  • If specifying a Source Organization (--source-organization) to retrieve variables and create under a new Org, the --source-token is required.
$ gh seva variables create -h

Create Organization Actions variables for a specified organization or organization and repositories level variables from a file.

  seva variables create <organization> [flags]

  -d, --debug                        To debug logging
  -f, --from-file string             Path and Name of CSV file to create variables from
      --hostname string              GitHub Enterprise Server hostname (default "")
      --source-hostname string       GitHub Enterprise Server hostname where variables are copied from (default "")
  -o, --source-organization string   Name of the Source Organization to copy variables from (Requires --source-token)
  -s, --source-token string          GitHub personal access token for Source Organization (Required for --source-organization)
  -t, --token string                 GitHub personal access token for organization to write to (default "gh auth token")

Global Flags:
      --help   Show help for command

Export Variables

The gh seva variables export command exports variables for the specified <organization> or [repo ..] list. If <organization> is selected, both organization level and repository level variables will be exported. The report will contain variables produces a csv report with the following:

  • VariableLevel: If the variable was created at the organization or repository level
  • VariableName: The name of the Actions variable
  • VariableValue: The value of the Actions variable
  • VariableAccess: If an organization level variable, this is the visibility of the variable (i.e. all, private, or scoped)
  • RepositoryNames: The name of the repositories that the variable can be accessed from (delimited with ;)
  • RepositoryIDs: The id of the repositories that the variable can be accessed from (delimited with ;)

This extension supports and GHES, through the use of --hostname and --token.

$ gh seva variables export -h
Generate a report of Actions variables for an organization and/or repositories.

  seva variables export [flags] <organization> [repo ...] 

  -d, --debug                To debug logging
      --hostname string      GitHub Enterprise Server hostname (default "")
  -o, --output-file string   Name of file to write CSV report (default "report-20230505163210.csv")
  -t, --token string         GitHub Personal Access Token (default "gh auth token")

Global Flags:
      --help   Show help for command


GitHub CLI extension to create and generate a report of variables or secrets name and access.






