{"id":18952231,"url":"https://github.com/step-security/secrets-sync-action","last_synced_at":"2026-03-29T03:30:19.620Z","repository":{"id":255187193,"uuid":"848169249","full_name":"step-security/secrets-sync-action","owner":"step-security","description":"A Github Action that can sync secrets from one repository to many others.","archived":false,"fork":false,"pushed_at":"2025-02-04T06:16:14.000Z","size":1024,"stargazers_count":0,"open_issues_count":12,"forks_count":1,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-02-04T07:23:00.243Z","etag":null,"topics":["step-security-maintained-actions"],"latest_commit_sha":null,"homepage":"","language":"TypeScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/step-security.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":"SECURITY.md","support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2024-08-27T09:06:24.000Z","updated_at":"2025-02-03T11:50:55.000Z","dependencies_parsed_at":"2024-08-28T13:59:08.121Z","dependency_job_id":"90f0c53f-91e2-466f-8f31-83fe772f6e72","html_url":"https://github.com/step-security/secrets-sync-action","commit_stats":null,"previous_names":["step-security/secrets-sync-action"],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fsecrets-sync-action","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fsecrets-sync-action/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fsecrets-sync-action/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/step-security%2Fsecrets-sync-action/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/step-security","download_url":"https://codeload.github.com/step-security/secrets-sync-action/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":239951606,"owners_count":19723908,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["step-security-maintained-actions"],"created_at":"2024-11-08T13:31:56.899Z","updated_at":"2026-03-29T03:30:19.566Z","avatar_url":"https://github.com/step-security.png","language":"TypeScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Secrets Sync Action\n\n![Build](https://github.com/step-security/secrets-sync-action/workflows/Build/badge.svg)\n![Release](https://github.com/step-security/secrets-sync-action/workflows/Release/badge.svg)\n[![codecov](https://codecov.io/gh/step-security/secrets-sync-action/branch/main/graph/badge.svg)](https://codecov.io/gh/step-security/secrets-sync-action)\n![GitHub contributors](https://img.shields.io/github/contributors/step-security/secrets-sync-action?color=green)\n[![semantic-release](https://img.shields.io/badge/%20%20%F0%9F%93%A6%F0%9F%9A%80-semantic--release-e10079.svg)](https://github.com/semantic-release/semantic-release)\n\nA Github Action that can sync secrets from one repository to many others. This action allows a maintainer to define and rotate secrets in a single repository and have them synced to all other repositories in the Github organization or beyond. Secrets do not need to be sensitive and could also be specific build settings that would apply to all repositories and become available to all actions. Regex is used to select the secrets and the repositories. Exclude is currently not supported and it is recommended to use a bot user if possible.\n\n## Inputs\n\n### `github_token`\n\n**Required**, Token to use to get repos and write secrets. `${{secrets.GITHUB_TOKEN}}` will **not** work as it does not have the necessary scope for other repositories. This token should have the full \"repo\" scope. In older instances of GitHub, a fine-grained token may not support the required GraphQL API and a \"Classic\" personal access token would be required. As this is deprecated, please try a fine-grained token first.\n\n### `repositories`\n\n**Required**, Newline delimited regex expressions to select repositories. Repositories are limited to those in which the token user is an owner or collaborator. Set `repositories_list_regex` to `False` to use a hardcoded list of repositories. Archived repositories will be ignored.\n\n### `github_api_url`\n\nOverride default GitHub API URL. When not provided, the action will attempt to use an environment variable provided by the GitHub Action runner environment defaults.\n\n### `repositories_list_regex`\n\nIf this value is `true` (default), the action will find all repositories available to the token user and filter based upon the regex provided. If it is `false`, it is expected that `repositories` will be a newline delimited list in the form of org/name.\n\n### `secrets`\n\n**Required**, Newline delimited regex expressions to select values from `process.env`. Use the action env to pass secrets from the repository in which this action runs with the `env` attribute of the step.\n\n### `retries`\n\nThe number of retries to attempt when making Github calls when triggering rate limits or abuse limits. Defaults to 3.\n\n### `concurrency`\n\nThe number of allowed concurrent calls to the set secret endpoint. Lower this number to avoid abuse limits. Defaults to 10.\n\n### `dry_run`\n\nRun everything except for secret create and update functionality.\n\n### `delete`\n\nWhen set to `true`, the action will find and delete the selected secrets from repositories. Defaults to `false`.\n\n### `environment`\n\nIf this value is set to the name of a valid environment in the target repositories, the action will not set repository secrets but instead only set environment secrets for the specified environment. When not set, will set repository secrets only. Only works if `target` is set to `actions` (default).\n\n### `target`\n\nTarget where secrets should be stored: `actions` (default), `codespaces` or `dependabot`.\n\n### `new_secret_prefix`\n\nIf this value is set, the action will prefix the name of the secret with the provided value. This is useful when you want to use the same secret name in multiple repositories but want to avoid conflicts.\n\n## Usage\n\n```yaml\nuses: step-security/secrets-sync-action@[insert version or commit]\n  with:\n    SECRETS: |\n      ^FOO$\n      ^GITHUB_.*\n    REPOSITORIES: |\n      ${{github.repository}}\n    DRY_RUN: true\n    GITHUB_TOKEN: ${{ secrets.PERSONAL_GITHUB_TOKEN_CLASSIC }}\n    GITHUB_API_URL: ${{ secrets.CUSTOM_GITHUB_API_URL }}\n    CONCURRENCY: 10\n  env:\n    FOO: ${{github.run_id}}\n    FOOBAR: BAZ\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstep-security%2Fsecrets-sync-action","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fstep-security%2Fsecrets-sync-action","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fstep-security%2Fsecrets-sync-action/lists"}