community.general.github_secrets module – Manage GitHub repository or organization secrets

Note

This module is part of the community.general collection (version 12.5.0).

You might already have this collection installed if you are using the ansible package. It is not included in ansible-core. To check whether it is installed, run ansible-galaxy collection list.

To install it, use: ansible-galaxy collection install community.general. You need further requirements to be able to use this module, see Requirements for details.

To use it in a playbook, specify: community.general.github_secrets.

New in community.general 12.5.0

Synopsis

  • Create, update, or delete secrets in a GitHub repository or organization.

Requirements

The below requirements are needed on the host that executes this module.

  • pynacl

Parameters

Parameter

Comments

api_url

string

The base URL for the GitHub API.

Default: "https://api.github.com"

key

string

The name of the secret.

organization

aliases: org, username

string / required

The GitHub username or organization name.

repository

aliases: repo

string

The name of the repository.

If not provided, the secret will be managed at the organization level.

state

string

The desired state of the secret.

Choices:

  • "present" ← (default)

  • "absent"

token

string / required

The GitHub token used for authentication.

value

string

The value of the secret. Required when state=present.

visibility

string

The visibility of the secret when set at the organization level.

Required when state=present and repository is not set.

Choices:

  • "all"

  • "private"

  • "selected"

Attributes

Attribute

Support

Description

check_mode

Support: full

Can run in check_mode and return changed status prediction without modifying target.

diff_mode

Support: none

Returns details on what has changed (or possibly needs changing in check_mode), when in diff mode.

Examples

- name: Add Github secret
  community.general.github_secrets:
    token: "{{ lookup('ansible.builtin.env', 'GITHUB_TOKEN') }}"
    repository: "ansible"
    organization: "ansible"
    key: "TEST_SECRET"
    value: "bob"
    state: "present"

- name: Delete Github secret
  community.general.github_secrets:
    token: "{{ lookup('ansible.builtin.env', 'GITHUB_TOKEN') }}"
    repository: "ansible"
    organization: "ansible"
    key: "TEST_SECRET"
    state: "absent"

Return Values

Common return values are documented here, the following are the fields unique to this module:

Key

Description

result

dictionary

The result of the module.

Returned: always

Sample: {"msg": "OK (2 bytes)", "response": "Secret created", "status": 201}

Authors

  • Thomas Sjögren (@konstruktoid)