Marcel Lupo
Best Practices for Using GitHub Secrets
#1 (about 2 minutes)
Understanding the fundamentals of GitHub Secrets
GitHub Secrets provide an encrypted way to store sensitive data like API keys within repositories for use in CI/CD workflows.
#2 (about 6 minutes)
Managing secrets at different scopes in the UI
Secrets can be managed at the repository, environment, or organization level through the UI, but repository-level secrets become difficult to rotate at scale.
#3 (about 5 minutes)
Consuming secrets in workflows and avoiding common pitfalls
Reference secrets in GitHub Actions using the `secrets` context, but be aware of pitfalls like hard-coding, commit history exposure, and improper access control.
#4 (about 5 minutes)
Integrating GitHub with Azure Key Vault for centralization
Use Azure Key Vault as a centralized secret store to manage secrets outside of GitHub, improving scalability and separating access controls.
#5 (about 7 minutes)
Configuring passwordless authentication using OpenID Connect
Set up a federated identity in Azure Entra ID with OpenID Connect to allow GitHub Actions to authenticate to Azure without long-lived secrets.
#6 (about 7 minutes)
Fetching Azure Key Vault secrets in a GitHub workflow
Use the `azure/login` action with OIDC to authenticate, then use Azure CLI within a workflow to retrieve secrets from Key Vault for subsequent steps.
#7 (about 4 minutes)
Key benefits of the Azure Key Vault integration
Integrating with Azure Key Vault provides centralized management, granular RBAC, secret versioning and history, and enhanced auditing capabilities.
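The flow described in chapters #5 and #6, as a workflow sketch added here (not taken from the talk): the job authenticates to Azure with OIDC, reads one secret from Key Vault with Azure CLI, masks it, and passes it to a later step. The vault name, secret name, environment name, `vars.*` variable names and `deploy.sh` are placeholders, and the federated identity is assumed to have read access to the vault's secrets.

```yaml
name: fetch-keyvault-secret

on:
  workflow_dispatch:

permissions:
  id-token: write   # allows the job to request an OIDC token from GitHub
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Assumed environment name; the federated credential's subject must match it
    # (repo:<org>/<repo>:environment:production).
    environment: production
    steps:
      - name: Azure login via OIDC (no client secret stored in GitHub)
        uses: azure/login@v2
        with:
          # Identifiers, not credentials, so plain variables are enough.
          client-id: ${{ vars.AZURE_CLIENT_ID }}
          tenant-id: ${{ vars.AZURE_TENANT_ID }}
          subscription-id: ${{ vars.AZURE_SUBSCRIPTION_ID }}

      - name: Read secret from Key Vault
        id: kv
        env:
          VAULT_NAME: example-kv         # placeholder vault name
          SECRET_NAME: example-api-key   # placeholder secret name
        run: |
          value="$(az keyvault secret show \
            --vault-name "$VAULT_NAME" \
            --name "$SECRET_NAME" \
            --query value -o tsv)"
          # Register the value with the log masker before it is used anywhere.
          echo "::add-mask::$value"
          echo "api_key=$value" >> "$GITHUB_OUTPUT"

      - name: Use the secret in a later step
        env:
          API_KEY: ${{ steps.kv.outputs.api_key }}
        run: ./deploy.sh   # hypothetical script that reads API_KEY
```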