Skip to content

GitHub Actions Secret

Service Name: GitHub Actions

Service Description: GitHub Actions is a continuous integration and continuous delivery (CI/CD) platform that allows you to automate your build, test, and deployment pipeline. You can create workflows that build and test every pull request to your repository, or deploy merged pull requests to production.

Service Address: https://github.com/

Validation Type: API Auth

IP Allow list: IP restrictions are available at the organization level through GitHub Enterprise security settings.

Secret Access Scope: Grants access to sensitive information used in GitHub Actions workflows, such as API tokens, credentials, and other configuration values needed for CI/CD processes.

Secret Revokement URL: https://docs.github.com/en/actions/security-guides/encrypted-secrets#deleting-encrypted-secrets

Secret Example: ghp_16C7e42F292c6912E7710c838347Ae178B4a

Suspicious Activity Investigation Instructions:

  • Review GitHub Actions workflow run history for unusual patterns or failed runs.
  • Check repository audit logs for unauthorized access or changes to secrets.
  • Examine workflow files (.github/workflows/*.yml) for any recent modifications that might use the exposed secret.
  • Review repository settings to see if any webhooks or integrations were added that could be exfiltrating data.
  • Check for any forks of your repository that might have access to secrets.

Mitigation Instructions:

  • Immediately revoke the exposed GitHub token by navigating to Settings > Secrets and variables > Actions in your repository.
  • Delete the compromised secret by selecting the secret name and Delete.
  • Create a new secret with a different value if needed.
  • Review and rotate any other potentially affected credentials.
  • Enable branch protection rules to prevent unauthorized changes to workflow files.
  • Consider implementing OIDC token-based authentication for external services instead of storing long-lived credentials.
  • Review GitHub Actions permissions to ensure they follow the Principle of Least Privilege.