Actions secrets and variables on enterprise level

[Timmmy-nlb]

Select Topic Area

Product Feedback

Body

What I miss and would like to see as a new function would be secrets and variables at enterprise level, which are then inherited by the organizations.

Especially for license keys, shared tokens or general variables, it would be great if you didn't have to create them manually in each org.

I would imagine that it would be possible to restrict the individual entries as to which orgs they are inherited by, as with the runner groups.

[CheetahCodes21]

Having the ability to define secrets and variables at the enterprise level and inherit them across organizations would be a valuable addition to GitHub Enterprise. This would streamline the process of managing sensitive information and shared configurations, reducing the need for manual duplication and ensuring consistency across the organization.

Here's a more detailed breakdown of the proposed functionality:

1. Enterprise-level secrets and variables: Create a dedicated section within the enterprise settings to manage secrets and variables that apply to all organizations. These secrets and variables could be defined using a key-value pair format, similar to the existing secrets and variables management at the organization and repository levels.

2. Inheritance and restrictions: Implement a mechanism to inherit enterprise-level secrets and variables to specific organizations. This could be achieved through a hierarchical inheritance model or by allowing administrators to explicitly select which organizations should inherit specific secrets and variables.

3. Access control: Maintain granular access control for enterprise-level secrets and variables. This ensures that only authorized individuals can view, create, update, or delete these entities.

4. Consistency and security: By centralizing the management of sensitive information and shared configurations, organizations can achieve greater consistency and security across their GitHub Enterprise environment. This reduces the risk of misconfigurations, unauthorized access, and data breaches.

5. Reduced administrative overhead: Eliminating the need to manually create and manage secrets and variables in each organization simplifies administrative tasks and reduces the overall workload for IT teams.

6. Improved collaboration: Enterprise-level secrets and variables can facilitate seamless collaboration across organizations, ensuring that teams have access to the necessary information and configurations to work effectively.

Overall, introducing enterprise-level secrets and variables would enhance the manageability, security, and collaboration within GitHub Enterprise organizations.

[Akash1134]

Hi @Timmmy-nlb ,

We’ve clarified our stance on using generative AI tools like ChatGPT within our Community via this announcement. Please review the guidelines to ensure your post meets them as failure to adhere to those rules can result in action taken by our moderator team.  You can read our updated Code of Conduct and the announcement for more details. Thank you for helping us maintain an authentic and beneficial space for everyone.

[Timmmy-nlb]

Hello @Akash1134,
I'm a bit confused about the address to me.
And I honestly don't understand it in the context of a functional request...

[Timmmy-nlb]

Hello @Akash1134 ,
what does it look like now?
Are there any questions to confirm the usefulness of this function or has this request been accepted as valid?

[Timmmy-nlb]

@Akash1134 Hello? No response?

[jasontempleman-eaton]

I don't see any movement on this and it is a needed feature.

[razorsk8jz]

This would be a really nice to have

[lee5i3]

Having the ability to define secrets and variables at the enterprise level and have them automatically inherited across organizations would be incredibly valuable. Right now, managing shared variables across multiple organizations requires a lot of manual duplication. Not only is that time-consuming, but it also increases the risk of inconsistencies or outdated values slipping through.

If we could centrally manage secrets and variables at the enterprise level, it would make it much easier to keep everything aligned across all organizations. It would reduce administrative overhead, simplify onboarding new repos or orgs, and give us more confidence that sensitive information is being handled consistently and securely everywhere.

[T-me-813]

I also think having enterprise level control would be ideal for numerous scenarios.