Back to GitHub Actions
GitHub Actions Security
GitHub Actions Security Overview
GitHub Actions provides multiple security layers including encrypted secrets, environment-scoped variables, OIDC for cloud authentication, and security hardening for self-hosted runners.
Secrets and Environment Protection
Encrypted secrets are scoped to repositories or environments and are not exposed in logs. Environment-specific secrets and deployment protection rules add extra security layers for production deployments.
OIDC Authentication
OpenID Connect allows workflows to authenticate to cloud providers (AWS, Azure, GCP, HashiCorp Vault) without storing long-lived credentials as secrets. This reduces the risk of credential exposure.