Working with secrets
A very important part of all automation workflows is handling secrets. It doesn't matter if you deploy an application or access an API – you always need credentials or keys that you have to handle carefully.
In GitHub, you can store secrets securely at the repository level, organization level, or for an environment. Secrets are stored and transported encrypted, and they do not show up in logs.
For secrets at the organization level, you can define which repositories have access to the secret. For secrets at an environment level, you can define required reviewers: the workflow can access the secrets only after they approve it.
Tip
Secret names are not case-sensitive, and they can only contain normal characters ([a-z] and [A-Z]), numbers ([0-9]), and the underscore character (_). They must not start with GITHUB_ or a number.
A best practice is to name the secrets with uppercase words that are separated by the underscore (_) character.
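The naming rules in the tip can be checked before secrets are created. The following is an added example, not code from the original text or from GitHub; the function name lint_secret_names is hypothetical, the sample names are constructed, and it assumes the GITHUB_ prefix is matched without regard to case because secret names are not case-sensitive.

```python
import re

# Rules from the tip: letters, digits and underscore only; no leading digit.
NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")
# Convention from the tip: uppercase words separated by underscores.
CONVENTION_RE = re.compile(r"[A-Z][A-Z0-9]*(_[A-Z0-9]+)*")


def lint_secret_names(names):
    """Return (errors, warnings) for a list of proposed secret names."""
    errors, warnings = [], []
    seen = {}  # upper-cased name -> first spelling seen
    for name in names:
        if not NAME_RE.fullmatch(name):
            errors.append(f"{name!r}: only [a-zA-Z0-9_], must not start with a number")
            continue
        key = name.upper()
        # Assumption: the reserved prefix is compared case-insensitively.
        if key.startswith("GITHUB_"):
            errors.append(f"{name!r}: must not start with GITHUB_")
            continue
        # Names are not case-sensitive, so two spellings are one secret.
        if key in seen:
            errors.append(f"{name!r}: same secret as {seen[key]!r}")
            continue
        seen[key] = name
        if not CONVENTION_RE.fullmatch(name):
            warnings.append(f"{name!r}: convention is uppercase words separated by _")
    return errors, warnings


if __name__ == "__main__":
    # Constructed sample names, not taken from any real repository.
    sample = ["AZURE_CLIENT_SECRET", "npm_token", "NPM_TOKEN",
              "2FA_SEED", "GITHUB_DEPLOY_KEY", "deploy-key"]
    errs, warns = lint_secret_names(sample)
    for line in errs:
        print("ERROR  ", line)
    for line in warns:
        print("WARNING", line)
```

The duplicate check matters most in practice: a second spelling of an existing name refers to the same secret, so the later value would replace the earlier one.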