Skip to content

Instantly share code, notes, and snippets.

@Skenvy

Skenvy/README.md

Last active June 12, 2025 09:15
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save Skenvy/53fcc12ad15f4c10b653eb4711facc64 to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save Skenvy/53fcc12ad15f4c10b653eb4711facc64 to your computer and use it in GitHub Desktop.
Download ZIP
Extracting GitHub secrets
Raw
README.md

Extracting GitHub secrets

Sometimes, you might have lost some secret you're using in GitHub, and need to extract it. Your secrets, at https://github.com/{owner}/{repo}/settings/secrets/actions.

Workflow

Make a new workflow in some new branch. Set a temporary symmetric password that you're going to use locally and set it as TEMPORARY_GPG_SYMMETRIC_PASSWORD in your repo secrets. Replace the name of the secret to extract, NAME_OF_SECRET_YOU_WANT_TO_EXTRACT.

on: push
env:
  name_of_secret_to_extract: NAME_OF_SECRET_YOU_WANT_TO_EXTRACT
jobs:
  job:
    runs-on: ubuntu-latest
    steps:
    - run: |-
        cat > temp_unenc << EOF
        ${{ secrets[env.name_of_secret_to_extract] }}
        EOF
    - run: gpg --output temp_enc --passphrase "${{ secrets.TEMPORARY_GPG_SYMMETRIC_PASSWORD }}" --batch --symmetric --cipher-algo AES256 temp_unenc
    - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
      with:
        path: temp_enc

Get it and decrypt it

Navigate to the workflow's run log, and download the artifact zip. Unzip it, and then run;

gpg --output decrypted_secret --decrypt temp_enc
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment