Quick question about GitHub Actions and secrets.

[SzymonZasada]

🏷️ Discussion Type

Question

💬 Feature/Topic Area

Other

Discussion Details

Hey everyone :D

Quick question about GitHub Actions and secrets.

I’m using a free organization and currently have to define the same repository secrets separately for each repo, which is a bit annoying.

Is there a way to share secrets across multiple repositories (like organization-level secrets) on a free plan? Or is this only available under certain conditions?

Would love to hear how you’re handling this

[chemicoholic21]

Hey Szymon! yeah this is a pretty common pain point.
So organization-level secrets do exist in GitHub Actions, but here's the catch, on a free organization plan, they only work with public repositories. If your repos are private, you'd need to upgrade to GitHub Team or Enterprise to use org-level secrets across them.
If your repos are public though, you can go to your org settings, head over to Secrets and Variables under Actions, and define secrets there. You can then control which repos have access to them, either all repos or specific ones you choose.
For folks stuck on the free plan with private repos, the workarounds people usually go with are things like using a shared .env file stored somewhere secure and pulling it in at runtime, or using a secrets manager like HashiCorp Vault or AWS Secrets Manager and fetching secrets from there during the workflow. Another option some teams use is a reusable workflow that centralizes secret handling, though that still requires the secrets to be defined somewhere accessible.
Not the most elegant situation honestly, but those are the options until GitHub decides to open up org secrets for private repos on the free tier. Hope that helps!

[SzymonZasada]

Hey, thanks for clarifying --yeah, I kind of expected that answer too 😅

Unfortunately all my repositories are private, so that pretty much rules out using organization-level secrets on the free plan.

Another downside I’ve run into is with GitHub Packages - from what I can see, access to organization-level packages is also limited, which makes things even more inconvenient when trying to share artifacts between services.

So at this point it feels like the only real options are either duplicating secrets per repo or introducing an external solution like a secrets manager, which adds extra complexity.

Not the most ideal setup, but I guess that’s where things stand for now.

Thanks for the explanation anyway, appreciate it!

[chemicoholic21]

Yeah exactly, it's a bit of a frustrating spot to be in honestly. GitHub Packages having the same limitation on private repos makes it doubly annoying when you're trying to keep everything internal.

If the external secrets manager route feels like overkill for your use case, Doppler is actually worth a look since it's pretty lightweight to set up compared to Vault or AWS, and they have a free tier that works decently well for smaller teams. You just pull secrets into your workflow with a single step and it handles the rest.

For the packages side of things, one workaround some teams use is publishing to a self hosted registry or just using artifact passing between workflows within the same repo to avoid the org package limitations altogether.

Not perfect solutions but they do reduce the friction a bit without needing to upgrade. Hope you find something that works for your setup!

[dubeyarjun]

Yes — you can share secrets across multiple repositories using organization-level secrets, even on a free plan, but with some limitations.

In GitHub, organization secrets are supported for GitHub Actions, and you can configure their access scope as:

All repositories
Selected repositories
Private repositories only

👉 However, the key limitation is:

On a free plan, organization secrets are mainly available for public repositories
For private repositories, organization-level secrets may require a paid plan (Team/Enterprise) depending on your setup
🔧 How to Use (If Available)
Go to: Organization → Settings → Secrets and variables → Actions
Click New organization secret
Choose visibility (All / Selected repos)
Use it in workflows like:
env:
API_KEY: ${{ secrets.MY_SHARED_SECRET }}
🧠 If Not Available (Workarounds)

If your free plan doesn’t allow it for private repos:

❌ You must define secrets per repository (default way)
✅ Use a script or GitHub CLI to sync secrets across repos
✅ Store shared config in a secure external service (like vaults)
🎯 Conclusion
✅ Organization secrets = best way to share secrets
⚠️ Free plan has limitations for private repos
🔁 Otherwise, you’ll need to manage secrets per repo or automate it