GitHub Actions makes it easy to automate all your software workflows like Building your App, testing and deploying your code etc. Probably you are already using it to build and deploy your applications as well.
But,
How to hide your secrete tokens/API Keys on GitHub workflows?
Your application could be using a free API with limited number of API calls or a paid API costing you money on each API calls. So, you won't like your API keys to be visible to everyone.
In your local machine you were probably using environment variables to hide your secrets in your builds and deployment and guess what you can do the same thing on GitHub actions as well.
Let's see How you can do that.
On your project's GitHub repository Go to Settings > Secrets > Actions
There you will see two options, Environment secrets and Repository secrets. I'm going to use Repository secrets but the workflow is same.
Click on the New repository secret Button
It will create a new secret for you, Give it a Name and a value and finally Add secret
Now, Lets see how to add these secrets in you GitHub workflows files
name: ......
'on': ....
jobs:
build_and_deploy:
runs-on: ubuntu-latest
env:
API_KEY: ${{secrets.YOUR_SECRET_API_KEY}}
steps:
....
....
Now whenever this action will run, it will use the secret value you gave.
So, that was all you have to do to hide your secrets.