In order to see your GitHub Secrets follow these steps:

  1. Create a workflow that echos all the secrets to a file.
  2. As the last step of the workflow, start a tmate session.
  3. Enter the GitHub Actions runner via SSH (the SSH address will be displayed in the action log) and view your secrets file.

Here is a complete working GitHub Action to do that:

name: Show Me the S3cr3tz
on: [push]

jobs:
  debug:
    name: Debug
    runs-on: ubuntu-latest

    steps:
    - name: Check out code
      uses: actions/checkout@v2

    - name: Set up secret file
      env:
        DEBUG_PASSWORD: ${{ secrets.DEBUG_PASSWORD }}
        DEBUG_SECRET_KEY: ${{ secrets.DEBUG_SECRET_KEY }}
      run: |
        echo $DEBUG_PASSWORD >> secrets.txt
        echo $DEBUG_SECRET_KEY >> secrets.txt

    - name: Run tmate
      uses: mxschmitt/action-tmate@v2

The reason for using tmate in order to allow SSH access, instead of just running cat secrets.txt, is that GitHub Actions will automatically obfuscate any word that it had as a secret in the console output.

That said - I agree with the commenters. You should normally avoid that. Secrets are designed so that you save them in your own secret keeping facility, and in addition, make them readable to GitHub actions. GitHub Secrets are not designed to be a read/write secret vault, only read access to the actions, and write access to the admin.

Answer from DannyB on Stack Overflow
🌐
Stack Overflow
stackoverflow.com › questions › 63003669 › how-can-i-see-my-git-secrets-unencrypted
github - How can I see my git secrets unencrypted? - Stack Overflow
Top answer
1 of 11
71

In order to see your GitHub Secrets follow these steps:

  1. Create a workflow that echos all the secrets to a file.
  2. As the last step of the workflow, start a tmate session.
  3. Enter the GitHub Actions runner via SSH (the SSH address will be displayed in the action log) and view your secrets file.

Here is a complete working GitHub Action to do that:

name: Show Me the S3cr3tz
on: [push]

jobs:
  debug:
    name: Debug
    runs-on: ubuntu-latest

    steps:
    - name: Check out code
      uses: actions/checkout@v2

    - name: Set up secret file
      env:
        DEBUG_PASSWORD: ${{ secrets.DEBUG_PASSWORD }}
        DEBUG_SECRET_KEY: ${{ secrets.DEBUG_SECRET_KEY }}
      run: |
        echo $DEBUG_PASSWORD >> secrets.txt
        echo $DEBUG_SECRET_KEY >> secrets.txt

    - name: Run tmate
      uses: mxschmitt/action-tmate@v2

The reason for using tmate in order to allow SSH access, instead of just running cat secrets.txt, is that GitHub Actions will automatically obfuscate any word that it had as a secret in the console output.

That said - I agree with the commenters. You should normally avoid that. Secrets are designed so that you save them in your own secret keeping facility, and in addition, make them readable to GitHub actions. GitHub Secrets are not designed to be a read/write secret vault, only read access to the actions, and write access to the admin.

2 of 11
68

The simplest approach would be:

name: Show Me the S3cr3tz
on: [push]

jobs:
  debug:
    name: Debug
    runs-on: ubuntu-latest

    steps:
    - name: Check out code
      uses: actions/checkout@v2

    - name: Set up secret file
      env:
        AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
        ...
        ...
      run: |
        echo ${{secrets.AWS_ACCESS_KEY_ID}} | sed 's/./& /g'
        ...
        ...

Run this action in GitHub and check its console. It displays secret key with space between each character.

🌐
GitHub
github.com › orgs › community › discussions › 26277
How to see my git secrets? · community · Discussion #26277
Top answer
1 of 1
5

@Fl4m3Ph03n1x,

We have no safe way to fetch the values of secrets, and actually it is not recommended to try fetching and sharing the secrets.

Videos
07:05
🌐 YouTube
GitHub Actions SECRETS • #secrets #devops #githubactions - YouTube
June 1, 2023
25:53
🌐 YouTube
How to Use GitHub Actions Environment Variables and Secrets - YouTube
April 29, 2024
2.25K
06:29
🌐 YouTube
GitHub Actions Secrets: Security Best Practices - YouTube
September 20, 2023
15:01
🌐 YouTube
Managing GitHub Secrets Demo: Best Practices and Tips - YouTube
March 1, 2023
1.04K
08:12
🌐 YouTube
Github Actions secrets - YouTube
September 14, 2020
View all
View all
🌐
GitHub
github.com › cli › cli › discussions › 3397
Is there a way to display Github secrets value (not name) in Github CLI · cli/cli · Discussion #3397
Author   cli
Top answer
1 of 1
4

No. Once written to GitHub, secrets have their value hidden in both web interface and the CLI. The only way to access the secret value is to use it in a GitHub Action. However, if you print the value in the job output, e.g. echo $MY_SECRET, GitHub might obfuscate that in the output to prevent secret values from inadvertently leaking.

In short, Secret values are meant to be stored-only and used in Actions automation, but never read back.

🌐
GitHub
docs.github.com › actions › security-guides › using-secrets-in-github-actions
Using secrets in GitHub Actions - GitHub Docs
The CLI will prompt you to enter a secret value. Alternatively, you can read the value of the secret from a file.
🌐
GitHub
docs.github.com › en › actions › concepts › security › secrets
Secrets - GitHub Docs
Learn about secrets as they are used in GitHub Actions workflows.
🌐
Reddit
reddit.com › r/github › can you view / retrieve a github secret?
r/github on Reddit: Can you view / retrieve a GitHub secret?
October 7, 2022 -

I know you can store secrets in repos as well as for organisations.

I don't understand if those secrets are only for GitHub "actions", various kind of building and deploying automations, or if you could use a GitHub secret in the actual code, like just an api key for example.

I am just looking for a convenient way to store api passwords so I don't constantly have to track them down when I am on a new machine, so I thought GitHub secrets could be that, but so far I haven't figured out how to view/retrieve the secrets that I've saved.

If that's not possible I'll just use a command line secrets manager.

Thanks

Top answer
1 of 1
1
Github secrets are for actions only, they do not serve as a password manager. They're ment to store API keys that you might need for deployment, credentials to dockerhub, etc... For your use case I'd recommend using an actual password manager like bitwarden or 1password.
🌐
GitHub
docs.github.com › en › actions › reference › security › secrets
Secrets reference - GitHub Docs
Find technical information about secrets in GitHub Actions.
🌐
Stack Exchange
devops.stackexchange.com › questions › 18896 › how-can-you-retrieve-read-github-secrets-without-invoking-ci
How can you retrieve (read) GitHub secrets without invoking CI? - DevOps Stack Exchange
Github has a functionality called "Secrets" made for GitHub Actions (which is their CI). These secrets are easy to read from the CI. You can do it like this, env: # Or as an environment
Find elsewhere
🌐
CloudAppie
cloudappie.nl › home › posts › extract a stored github secret
Extract a stored Github secret - CloudAppie
August 20, 2024 - You can copy the output and convert it back to a readable format. The workflow is as follows: name: Print secret on: workflow_dispatch: jobs: build-deploy: name: Print secret runs-on: ubuntu-latest steps: - name: Print secret env: AZURE_CREDENTIALS: ${{ secrets.AZURE_CREDENTIALS }} run: | echo "Trick to echo GitHub Actions Secret: " echo "${{secrets.AZURE_CREDENTIALS}}" | xxd -ps
🌐
Medium
medium.datadriveninvestor.com › accessing-github-secrets-in-python-d3e758d8089b
Accessing GitHub secrets in Python | by Dipam Vasani | DataDrivenInvestor
April 21, 2021 - Anyway, I was creating a Python package using nbdev and I needed to use an api_key and a secret_key to access some data. Locally, I just embedded them in a Python file config.py , added the config file to my .gitignore so I don’t accidentally push it to GitHub and started using my credentials.
🌐
GitHub
docs.github.com › en › codespaces › managing-codespaces-for-your-organization › managing-development-environment-secrets-for-your-repository-or-organization
Managing development environment secrets for your repository or organization - GitHub Docs
Once you have created a secret, it will be available when you create a new codespace or restart the codespace. If you've created a secret on GitHub and you want to use it in a currently running codespace, stop the codespace and then restart it.
🌐
GitHub
github.com › eth0izzle › shhgit
GitHub - eth0izzle/shhgit: Ah shhgit! Find secrets in your code. Secrets detection for your GitHub, GitLab and Bitbucket repositories. · GitHub
Leave blank to disable --debug Print debugging information --entropy-threshold Finds high entropy strings in files. Higher threshold = more secret secrets, lower threshold = more false positives. Set to 0 to disable entropy checks (default 5.0) --local Specify local directory (absolute path) which to scan.
Starred by 4K users
Forked by 481 users
Languages   JavaScript 43.8% | Go 25.4% | CSS 24.1% | HTML 5.4% | Dockerfile 1.3%
🌐
TheServerSide
theserverside.com › blog › Coffee-Talk-Java-News-Stories-and-Opinions › GitHub-Actions-Secrets-Example-Token-Tutorial
How to use GitHub Actions secrets to hide your tokens and passwords example
In summary, here are the steps to take if you would like to use a GitHub Actions secret in your continuous integration workflows: ... Reference the GitHub secret in code by prepending the text secret.
🌐
DEV Community
dev.to › n3wt0n › how-secrets-work-in-github-and-how-to-manage-them-p4o
How Secrets Work in GitHub and How to Manage Them - DEV Community
April 29, 2021 - GitHub lets you save your secrets, like credentials, keys, etc., and use them in GitHub Actions. Let... Tagged with github, secrets, tutorial, codenewbie.
🌐
Stack Exchange
devops.stackexchange.com › questions › 18901 › how-can-i-easily-leak-secrets-and-read-the-value-with-github-actions
How can I easily leak secrets and read the value with GitHub Actions? - DevOps Stack Exchange
February 7, 2024 - name: Secret Leak on: [push] jobs: ... -ne's/^SECRET_//p' | tr 'A-MN-Za-mn-z' 'N-ZA-Mn-za-m'; echo "EOF"; shell: sh ... GitHub won't show secret values — but you can still access them in a workflow....
🌐
Medium
medium.com › @haroldfinch01 › how-can-i-extract-secrets-using-github-actions-fbbf8758103e
How can I extract secrets using GitHub Actions? | by Harold Finch | Medium
September 13, 2024 - 2 min read · ·Sep 13, 2024 · -- Listen · Share · Press enter or click to view image in full size · To securely extract and use secrets in GitHub Actions, you can follow these steps. Define Secrets: Before extracting secrets, ensure they are stored in the GitHub repository’s Secrets section: Go to your repository’s Settings.
🌐
GitHub
docs.github.com › en › code-security › reference › secret-security › understanding-github-secret-types
Understanding GitHub secret types - GitHub Docs
Learn about the usage, scope, and access permissions for GitHub secrets.
🌐
DEV Community
dev.to › pwd9000 › best-practices-for-using-github-secrets-part-1-596f
Best Practices for Using GitHub Secrets - Part 1 - DEV Community
July 18, 2024 - A guide to using native GitHub Secrets for securely storing API keys, credentials, and sensitive data in your GitHub Action workflows (Part 1 of 2). Tagged with github, tutorial, devops, devsecops.
🌐
GitHub
cli.github.com › manual › gh_secret_set
GitHub CLI | Take GitHub to the command line
# Paste secret value for the current repository in an interactive prompt $ gh secret set MYSECRET # Read secret value from an environment variable $ gh secret set MYSECRET --body "$ENV_VALUE" # Set secret for a specific remote repository $ gh ...
🌐
DEV Community
dev.to › chilarai › reading-github-secrets-from-github-actions-using-golang-32l0
Reading GitHub secrets from GitHub actions using Golang - DEV Community
June 6, 2022 - Here I demonstrate how you can access GitHub Secrets stored in GitHub while doing CI/CD.
Related queries
github actions view secret value
github actions environment secrets
how to use github secrets in code
github secrets example
github actions secrets
github secrets api
github read secrets reddit
use github secrets in code