Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misleading wording regarding permissions and access to secrets #25504

Closed
1 task done
gmargaritis opened this issue May 11, 2023 · 4 comments · Fixed by #26990
Closed
1 task done

Misleading wording regarding permissions and access to secrets #25504

gmargaritis opened this issue May 11, 2023 · 4 comments · Fixed by #26990
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team help wanted Anyone is welcome to open a pull request to fix this issue rest Content related to rest - overview.

Comments

@gmargaritis
Copy link
Contributor

gmargaritis commented May 11, 2023
edited
Loading

Code of Conduct

What article on docs.github.com is affected?

https://docs.github.com/en/actions/security-guides/encrypted-secrets

https://github.com/github/docs/blob/main/data/reusables/actions/permissions-statement-secrets-variables-repository.md

What part(s) of the article would you like to see updated?

There's a mismatch between the UI and the API regarding permissions and access rights to secrets.

As stated in github/vscode-github-actions#62 and in https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#about-secrets-in-github-actions authenticated users with collaborator access, can update, create and delete repository secrets through the API. This feature is not available in the UI, since Secrets and variables exist in the Settings tab, which requires admin access.

The docs should reflect this mismatch. I suggest making a distinction between the UI and the API regarding the aforementioned permissions.

Change1:

To create secrets or variables for an organization repository, you must have admin access.

to:

To create secrets or variables for an organization repository, through the GitHub REST API2, you must have collaborator access.
To create secrets or variables for an organization repository, through GitHub.com, you must have admin access.

Additional information

No response

Footnotes

  1. https://github.com/github/docs/blob/main/data/reusables/actions/permissions-statement-secrets-variables-repository.md

  2. https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28

@gmargaritis gmargaritis added the content This issue or pull request belongs to the Docs Content team label May 11, 2023
@welcome
Copy link

welcome bot commented May 11, 2023

Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.

@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label May 11, 2023
@cmwilson21
Copy link
Contributor

cmwilson21 commented May 12, 2023
edited
Loading

@gmargaritis Thanks so much for opening an issue! We appreciate the links and extra context! ✨

I'll triage this for the team to take a look 👀

@cmwilson21 cmwilson21 added actions This issue or pull request should be reviewed by the docs actions team waiting for review Issue/PR is waiting for a writer's review rest Content related to rest - overview. and removed triage Do not begin working on this issue until triaged by the team labels May 12, 2023
@github-actions github-actions bot added the stale There is no recent activity on this issue or pull request label Jul 11, 2023
@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Jul 19, 2023
@sabrowning1 sabrowning1 reopened this Jul 21, 2023
@github-actions github-actions bot added the triage Do not begin working on this issue until triaged by the team label Jul 21, 2023
@sabrowning1 sabrowning1 added help wanted Anyone is welcome to open a pull request to fix this issue and removed triage Do not begin working on this issue until triaged by the team stale There is no recent activity on this issue or pull request waiting for review Issue/PR is waiting for a writer's review labels Jul 21, 2023
@sabrowning1
Copy link
Contributor

sabrowning1 commented Jul 24, 2023
edited
Loading

👋🏼 Hi @gmargaritis, thanks for opening this issue and providing context! ✨ Clarifying this information makes sense to me 👍🏼 I've added the "help wanted" label. For whoever picks this work up, we should make the following changes:

Change #1

The note in "Encrypted secrets" should be changed from

You can use the REST API to manage secrets. For more information, see "[AUTOTITLE](/rest/actions#secrets)."

to

Users with collaborator access to a repository can use the REST API to manage secrets for that repository, and users with admin access to an organization can use the REST API to manage secrets for that organization. For more information, see "[AUTOTITLE](/rest/actions#secrets)."`

Change #2

The permissions-statement-secrets-variables-repository.md reusable should be changed from

To create secrets {% ifversion actions-configuration-variables %}or variables {% endif %}for a personal account repository, you must be the repository owner. To create secrets {% ifversion actions-configuration-variables %}or variables {% endif %}for an organization repository, you must have `admin` access.

to

To create secrets {% ifversion actions-configuration-variables %}or variables {% endif %}on {% data variables.product.prodname_dotcom %} for a personal account repository, you must be the repository owner. To create secrets {% ifversion actions-configuration-variables %}or variables {% endif %}on {% data variables.product.prodname_dotcom %} for an organization repository, you must have `admin` access. Lastly, to create secrets {% ifversion actions-configuration-variables %}or variables {% endif %}for a personal account repository or an organization repository through the REST API, you must have collaborator access.

Thanks again for your help maintaining our docs!

@gmargaritis
Copy link
Contributor Author

@sabrowning1 Your suggestions make sense 🚀

I can open up a pull request for this one!

@gmargaritis gmargaritis mentioned this issue Jul 24, 2023
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
actions This issue or pull request should be reviewed by the docs actions team content This issue or pull request belongs to the Docs Content team help wanted Anyone is welcome to open a pull request to fix this issue rest Content related to rest - overview.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Fix misleading wording regarding permissions and access to secrets gmargaritis/docs
3 participants
@gmargaritis @cmwilson21 @sabrowning1