[Feature Request] Support for Global Secrets at Gitea System Level for Actions #34905

Closed as duplicate of #27373
@ZPascal

Feature Description

Summary

Currently, there is no built-in way to define global secrets at the system (instance-wide) level in Gitea that all repositories and workflows can access. This makes it difficult to centrally manage shared secrets such as tokens, credentials, or organization-wide configurations for use in Gitea Actions.

Why is this needed

In many CI/CD environments, it's common to define secrets, such as Docker Hub tokens, internal API keys, or shared environment variables, once and reuse them across multiple repositories. Without global secrets, each repository must duplicate these secrets manually, which is inefficient and error-prone.

Proposed Solution

Introduce support for global secrets that can be defined at the system (admin) level and made available to all repositories running Gitea Actions. Ideally, this would include:

  • A new admin interface: Site Administration → Actions → Secrets
  • Fine-grained controls to limit visibility (e.g., to certain organizations or runners)
  • Ability to override global secrets at the repository level if needed
  • Secure storage of global secrets, similar to repository-level secrets

Benefits

  • Centralized management of shared secrets
  • Reduced duplication and maintenance effort
  • Improved security and consistency
  • Better scalability for organizations using Gitea across many repositories

Workaround (current state)

Some administrators attempt to define environment variables directly on runners or hardcode secrets into custom action scripts — both of which are insecure and difficult to manage at scale.

Related

  • Enhances usability of Gitea Actions
  • Would bring Gitea closer to GitHub Actions and GitLab CI feature parity

Labels: type/proposal (The new feature has not been accepted yet but needs to be discussed first.)
