이 버전의 GitHub Enterprise Server는 다음 날짜에 중단됩니다. 2026-03-17. 중요한 보안 문제에 대해서도 패치 릴리스가 이루어지지 않습니다. 더 뛰어난 성능, 향상된 보안, 새로운 기능을 위해 최신 버전의 GitHub Enterprise Server로 업그레이드합니다. 업그레이드에 대한 도움말은 GitHub Enterprise 지원에 문의하세요.

시크릿 참조

GitHub Actions에서 비밀에 대한 기술 정보를 찾아보세요.

이 기사에서

Naming your secrets

To help ensure that GitHub redacts your secrets in logs correctly, avoid using structured data as the values of secrets.

The following rules apply to secret names:

  • Can only contain alphanumeric characters ([a-z], [A-Z], [0-9]) or underscores (_). Spaces are not allowed.
  • Must not start with the GITHUB_ prefix.
  • Must not start with a number.
  • Are case insensitive when referenced. GitHub stores secret names as uppercase regardless of how they are entered.
  • Must be unique to the repository, organization, or enterprise where they are created.

If a secret with the same name exists at multiple levels, the secret at the lowest level takes precedence. For example, if an organization-level secret has the same name as a repository-level secret, then the repository-level secret takes precedence. Similarly, if an organization, repository, and environment all have a secret with the same name, the environment-level secret takes precedence.

Limits for secrets

You can store up to 1,000 organization secrets, 100 repository secrets, and 100 environment secrets.

A workflow created in a repository can access the following number of secrets:

  • All 100 repository secrets.
  • If the repository is assigned access to more than 100 organization secrets, the workflow can only use the first 100 organization secrets (sorted alphabetically by secret name).
  • All 100 environment secrets.

Secrets are limited to 48 KB in size. To store larger secrets, see Using secrets in GitHub Actions.

When GitHub Actions reads secrets

Organization and repository secrets are read when a workflow run is queued, and environment secrets are read when a job referencing the environment starts.

Automatically redacted secrets

GitHub automatically redacts the following sensitive information from workflow logs.

참고

If you would like other types of sensitive information to be automatically redacted, please reach out to us in our community discussions.

  • 32-byte and 64-byte Azure keys
  • Azure AD client app passwords
  • Azure Cache keys
  • Azure Container Registry keys
  • Azure Function host keys
  • Azure Search keys
  • Database connection strings
  • HTTP Bearer token headers
  • JWTs
  • NPM author tokens
  • NuGet API keys
  • v1 GitHub installation tokens
  • v2 GitHub installation tokens (ghp, gho, ghu, ghs, ghr)
  • v2 GitHub PATs

Security

For security best practices using secrets, see Secure use reference.