How to Use GitHub Actions Secrets to Deploy Securely to a Linux Server

Security is one of the biggest concerns when automating deployments.

If you're deploying from GitHub Actions to a VPS, you must never expose:

  • SSH keys
  • API tokens
  • Server credentials

This is where GitHub Actions Secrets come in.

Using GitHub Actions, you can securely store and use sensitive data in your workflows.

This guide will walk you through everything you need to know.


What are GitHub Actions Secrets?

Secrets are encrypted variables stored in your repository settings.

They allow you to:

  • Store sensitive data securely
  • Access it in workflows
  • Prevent leaks

Why Secrets Matter

Without secrets:

  • Credentials exposed in code
  • High security risk
  • Possible server compromise

Common Use Cases

  • SSH private keys
  • API tokens
  • Database credentials

Step 1: Generate SSH Key

ssh-keygen -t rsa -b 4096

Step 2: Add Public Key to Server

ssh-copy-id user@server-ip

Step 3: Add Private Key to GitHub Secrets

Go to:

  • Repository → Settings → Secrets

Add:

  • SSH_PRIVATE_KEY

Step 4: Use Secrets in Workflow

- name: Setup SSH
  run: |
    mkdir -p ~/.ssh
    echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
    chmod 600 ~/.ssh/id_rsa

Step 5: Deploy Securely

- name: Deploy
  run: |
    rsync -avz . user@server-ip:/var/www/app/

Best Practices for Secrets

  • Never commit secrets
  • Rotate keys regularly
  • Use least privilege

Advanced Security

Use Environment-Based Secrets

Different secrets for staging/production.


Use Encrypted Variables

Protect sensitive data further.


Common Mistakes

  • Hardcoding credentials
  • Exposing logs
  • Not rotating keys

Troubleshooting

Permission Denied

Check key permissions.

Workflow Fails

Check logs in Actions.


Real-World Insight

Most security breaches happen because:

👉 credentials are exposed in code


FAQs

Are GitHub secrets safe?

Yes, encrypted and secure.

Can secrets be accessed publicly?

No.


Final Thoughts

Using GitHub Actions secrets is essential for secure deployments. It’s simple, powerful, and protects your infrastructure from major risks.


Similar Posts

Leave a Reply

Your email address will not be published. Required fields are marked *