Skip to content
/ GitHub-Secret-Extractor Public

A simple tool to extract the plain text values of GitHub secrets.

3 stars 1 fork Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Plabick/GitHub-Secret-Extractor

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace
BranchesTags

Repository files navigation

GitHub Secret Extractor

Unit Tests

A simple tool to extract the plain text values of GitHub Secrets. This action was made to show the importance of limiting who can run workflows in repositories with secrets.

This action takes a string, secret as input and prints an encoded version of it to the console. You can then use this tool to get the secret in plain text.

Usage

    - name: Extract A Juicy Secret
      uses: Plabick/GitHub-Secret-Extractor@master
      with:
        secret: ${{ secrets.TARGET_SECRET}}

Output

*************************************
* Encoded Secret: epousfbenztfdsfut *
*************************************
To view the plain-text secret, use the decoder
plabick.github.io/Actions-Secret-Decoder/

Why is the output encoded?

GitHub redacts text that matches secrets from the console. The only way to output secrets in the console is to encode them.

How can I protect my secrets?

To protect your secrets from a variant of this tool that uses an arbitrary encoding scheme, limit who can modify workflows on repos with secrets. There is no other way to prevent the disclosure of stored secrets.

About

A simple tool to extract the plain text values of GitHub secrets.

Resources

Readme
Activity

Stars

3 stars

Watchers

1 watching

Forks

1 fork
Report repository

Releases 4

New decoder location Latest
Jan 2, 2022
+ 3 releases

Languages