> ## Documentation Index
> Fetch the complete documentation index at: https://docs.talosjs.com/llms.txt
> Use this file to discover all available pages before exploring further.

# github:secret:push

> Create or update a GitHub Actions secret on a repository.

Create or update a [GitHub Actions secret](https://docs.github.com/actions/security-guides/using-secrets-in-github-actions) on a repository without leaving the terminal. The command resolves the target repository from the `origin` remote in `.git/config` in the current directory, reads your saved token, and hands the value to `gh secret set`, which encrypts it locally before uploading. When it finishes, it prints the repository's settings URL where the secret can be seen.

<Note>
  This command shells out to the [GitHub CLI](https://cli.github.com) (`gh`), so `gh` must be installed and on your `PATH`. It performs the local encryption GitHub requires before the secret is sent.
</Note>

Pushing a secret requires a GitHub token saved with [`github:credentials:create`](/cli/commands/github-credentials-create). The token is read from `~/.talos/credentials/github.yml` and passed to `gh` through `GH_TOKEN`, so it authenticates with your stored token rather than a separate `gh auth login`.

## Usage

```bash theme={null}
talos github:secret:push [options]
```

Run this from inside the repository whose secret you want to set — the `owner/repo` slug is taken from that repository's `origin` remote.

## Examples

Run with no flags to be prompted for the secret name and value (the value input is hidden):

```bash theme={null}
talos github:secret:push
```

Provide the name and value non-interactively (useful in CI):

```bash theme={null}
talos github:secret:push --name=DOCKER_TOKEN --value="$DOCKER_TOKEN"
```

## Options

| Option     | Description                                              | Default                      |
| ---------- | -------------------------------------------------------- | ---------------------------- |
| `--name`   | Name of the GitHub Actions secret to create or update.   | Prompted if omitted          |
| `--value`  | Value to store for the secret.                           | Prompted (hidden) if omitted |
| `--silent` | Suppress the spinner, success message, and settings URL. | `false`                      |

The repository is always resolved from the `origin` remote in `.git/config` — HTTPS (`https://github.com/owner/repo.git`) and SSH (`git@github.com:owner/repo.git`) remotes are both reduced to the `owner/repo` slug. The command fails if it cannot find a GitHub token, cannot determine the repository from `.git/config`, or `gh secret set` returns an error.

This is a convenient way to populate the CI secrets referenced throughout [deployment](/deployment/api) — for example `DOCKER_TOKEN`, `NPM_TOKEN`, or `PROD_SSH_KEY`.
