> For the complete documentation index, see [llms.txt](https://docs.stepsecurity.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.stepsecurity.io/github-actions/actions-secret.md).

# Actions Secret

{% hint style="warning" %}
Available for **Enterprise** Tier only
{% endhint %}

The Action Secrets section in StepSecurity allows you to monitor, manage, and track GitHub Actions secrets across an entire organization or within specific repositories.

This helps ensure secure storage and proper usage of sensitive information, such as API keys, tokens, and credentials used within workflows.

To access these features, open your StepSecurity dashboard and navigate to the Action Secrets section. The page has two tabs: **Organization Secrets** and **Repository Secrets**.

### Organization Secrets

* Provides a centralized view of all secrets used across repositories.
* Tracks the last rotation date of secrets, helping enforce regular updates for security.

<figure><img src="/files/eTWn2CkciTtmVosphhLN" alt=""><figcaption></figcaption></figure>

### Repository Secrets

The Repository Secrets tab lists secrets specific to individual repositories, along with rotation age, usage status, and OIDC replaceability.

<figure><img src="/files/l3gRlQBxYK18CDT9Ln3d" alt=""><figcaption></figcaption></figure>

#### Summary cards

At the top of the tab, summary cards give you an at-a-glance view of your repository secrets posture:

* **Total Secrets**: The total number of repository secrets across the organization.
* **Unused Secrets**: Secrets that are not used by any workflow.
* **Stale Secrets**: Secrets that have not been rotated recently.
* **OIDC Replaceable**: Secrets that can be replaced with OpenID Connect (OIDC) authentication, eliminating the need to store the secret at all.

#### Secrets table

Each row in the table shows:

* **Repository**: The repository the secret belongs to.
* **Secret Name**: The name of the secret.
* **Days since last rotated**: How many days have passed since the secret was last updated. Higher values are highlighted to draw attention to secrets that are overdue for rotation.
* **Usage Status**: Whether the secret is actively used in workflows. A secret can be `Active`, `Stale`, `Unused`, or `Unknown`. Secrets that have not been scanned yet show `Unknown`.
* **Used in Workflows**: The workflows that reference the secret. For each workflow, StepSecurity shows the workflow file, the step that uses the secret, the last run time, and the run conclusion. Secrets that have not been scanned show `Not scanned for usage yet`.
* **OIDC**: Whether the secret can be replaced with OIDC. For example, an `NPM_TOKEN` secret shows an `OIDC Available · npm` badge when npm trusted publishing can replace it.

If a secret is used in multiple workflows, expand the row to see all workflows that reference it.

<figure><img src="/files/7y1p4gdPXDaMv6RXr5rq" alt=""><figcaption></figcaption></figure>

#### Filtering

Use the controls above the table to narrow down the list:

* **Search**: Filter by repository or secret name.
* **Status filter**: Filter secrets by status: `Active`, `Stale`, `Unused`, or `Unknown`.
* **OIDC available**: Show only secrets that can be replaced with OIDC.


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter:

```
GET https://docs.stepsecurity.io/github-actions/actions-secret.md?ask=<question>&goal=<endgoal>
```

`ask` is the immediate question: it should be specific, self-contained, and written in natural language.
`goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal.

The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.
