Setting an Actions secret with Octokit.rb - Ruby Example

Here's a Ruby example of how to set a GitHub Actions secret using Octokit in Ruby.

The secret needs to be encrypted before it is sent to the API. You need the octokit and rbnacl gems installed.

require "octokit"
require "rbnacl"

client = Octokit::Client.new(access_token: ACCESS_TOKEN)
value = "my-super-secret-value"

# First, you need the public key for your repo.
github_key = client.get_actions_public_key("org/repo-name")
key_id = github_key[:key_id]
public_key = RbNaCl::PublicKey.new(Base64.decode64(github_key[:key]))

# Use the public key to encrypt the secret
box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = Base64.strict_encode64(box.encrypt(value))

client.create_or_update_actions_secret("org/repo-name", "SECRET_NAME", { encrypted_value: encrypted_secret, key_id: key_id })

There you go, I hope that saved you some time.

If you have issues with the Octokit gem, I recommend going to their repo and looking at the source. I have found the docs are occasionally out of date with the latest release.

These docs are useful to learn more: https://developer.github.com/v3/actions/secrets/#create-or-update-a-secret-for-a-repository