Table: github_actions_repository_secret - Query GitHub Actions Repository Secrets using SQL
GitHub Actions is a service provided by GitHub that allows you to automate, customize, and execute your software development workflows right in your repository. GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. It enables you to build, test, and deploy your code right from GitHub.
Table Usage Guide
The github_actions_repository_secret table provides insights into secrets stored within a GitHub repository. As a security engineer, explore secret-specific details through this table, including the names of secrets and the dates they were created or updated. Utilize it to uncover information about secrets, such as those that may be outdated or unused, providing a comprehensive view of the repository's security measures.
Important Notes
- You must specify the
repository_full_namecolumn inwhereorjoinclause to query the table.
Examples
List secrets
Explore the hidden aspects of a specific repository within the GitHub Actions environment. This is useful in assessing the security and integrity of the repository.
select *from github_actions_repository_secretwhere repository_full_name = 'turbot/steampipe';select *from github_actions_repository_secretwhere repository_full_name = 'turbot/steampipe';Schema for github_actions_repository_secret
| Name | Type | Operators | Description |
|---|---|---|---|
| _ctx | jsonb | Steampipe context in JSON form. | |
| created_at | timestamp with time zone | Time when the secret was created. | |
| login_id | text | =, !=, ~~, ~~*, !~~, !~~* | Unique identifier for the user login. |
| name | text | = | The name of the secret. |
| repository_full_name | text | = | Full name of the repository that contains the secrets. |
| selected_repositories_url | text | The GitHub URL of the repository. | |
| sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
| sp_ctx | jsonb | Steampipe context in JSON form. | |
| updated_at | timestamp with time zone | Time when the secret was updated. | |
| visibility | text | The visibility of the secret. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- githubYou can pass the configuration to the command with the --config argument:
steampipe_export_github --config '<your_config>' github_actions_repository_secret