Skills

managing-github-actions-secrets

Installation
SKILL.md

Managing GitHub Actions secrets for PostHog

PostHog centralizes all GitHub Actions secrets at the organization level and grants individual repositories access to them. Do not add secrets to a single repo, even if the secret is only consumed by one workflow today.

The rule

  • Always create secrets on the posthog org, not on a repo.
  • Grant the secret to specific repos via the org-level access control (selected repositories). Do not make it available to all repos by default unless the secret is genuinely meant to be shared org-wide.
  • Never paste secret values into chat, PR descriptions, commit messages, or files. Pipe them in, or paste them only into the GitHub UI's secret field.

Creating or updating a secret via gh CLI

Pipe the secret value into gh secret set with --org posthog. The example below reads the value from stdin so it never appears in shell history:

Installs
3
Repository
posthog/posthog-foss
GitHub Stars
513
First Seen
3 days ago
Security Audits
Gen Agent Trust HubPass
SocketPass
SnykPass
managing-github-actions-secrets — posthog/posthog-foss