GitHub Secrets Manager

How to store secrets in GitHub

This is an older version of the ZenML documentation. To read and view the latest version please visit this up-to-date URL.

The GitHub secrets manager is a secrets manager flavor provided with the ZenML github integration that uses GitHub secrets to store secrets.

When to use it

The GitHub secrets manager does not allow reading secret values unless it's running inside a GitHub Actions workflow. For this reason, this secrets manager only works in combination with a GitHub Actions orchestrator.

How to deploy it

GitHub secrets are automatically enabled when creating a GitHub repository.

How to use it

To use the GitHub secrets manager, we need:

  • The ZenML github integration installed. If you haven't done so, run

    zenml integration install github
  • A personal access token to authenticate with the GitHub API. Follow this guide to create one and make sure to give it the repo scope.

  • Our GitHub username and the personal access token set as environment variables:

  • The owner and name of the repository that we want to add secrets to.

We can then register the secrets manager and use it in our active stack:

zenml secrets-manager register <NAME> \
    --flavor=github \
    --owner=<OWNER> \

# Add the secrets manager to the active stack
zenml stack update -x <NAME>

You can now register, update or delete secrets using the CLI or fetch secret values inside your steps.

A concrete example of using the GitHub secrets manager can be found here.

For more information and a full list of configurable attributes of the GitHub secrets manager, check out the API Docs.

Last updated