How to securely store Azure DevOps PAT token in a GitHub repo?

Question

My GitHub action would try to get a python package from Azure DevOps Artifacts. It needs Azure DevOps credentials to access that package. I made it work using Basic HTTP Authentication.

https://username:[email protected]/simple
pip install your-package --index-url https://pypi.company.com/

However, I don't want to expose my password (PAT token) like this and I want to store it securely so that GitHub would get the PAT token on each build and download the package.

In Jenkins, we can store this in credentials but I am not able to find a similar place in GitHub.

What is the best place I can get my password from? Please advise.

Answer 1

You're looking for Secrets. To add repo-specific secrets, go to a repo and navigate to Settings, then Secrets. Or build your own URL to get there based on this template:

https://github.com/<username>/<reponame>/settings/secrets/actions

EDIT:
For using these secrets in a workflow, see Use encrypted secrets in a workflow. One thing to take into account is proper quoting:

If you must pass secrets within a command line, then enclose them within the proper quoting rules. Secrets often contain special characters that may unintentionally affect your shell. To escape these special characters, use quoting with your environment variables.