[Feature Request] Support for Global Secrets at Gitea System Level for Actions #14677

Closed
opened 2025-11-02 11:19:45 -06:00 by GiteaMirror · 0 comments
Owner

Originally created by @ZPascal on GitHub (Jun 30, 2025).

Feature Description

Summary

Currently, there is no built-in way to define global secrets at the system (instance-wide) level in Gitea that all repositories and workflows can access. This makes it difficult to centrally manage shared secrets such as tokens, credentials, or organization-wide configurations for use in Gitea Actions.

Why is this needed

In many CI/CD environments, it's common to define secrets, such as Docker Hub tokens, internal API keys, or shared environment variables, once and reuse them across multiple repositories. Without global secrets, each repository must duplicate these secrets manually, which is inefficient and error-prone.

Proposed Solution

Introduce support for global secrets that can be defined at the system (admin) level and made available to all repositories running Gitea Actions. Ideally, this would include:

  • A new admin interface: Site Administration → Actions → Secrets
  • Fine-grained controls to limit visibility (e.g., to certain organizations or runners)
  • Ability to override global secrets at the repository level if needed
  • Secure storage of global secrets, similar to repository-level secrets

Benefits

  • Centralized management of shared secrets
  • Reduced duplication and maintenance effort
  • Improved security and consistency
  • Better scalability for organizations using Gitea across many repositories

Workaround (current state)

Some administrators attempt to define environment variables directly on runners or hardcode secrets into custom action scripts — both of which are insecure and difficult to manage at scale.

  • Enhances usability of Gitea Actions
  • Would bring Gitea closer to GitHub Actions and GitLab CI feature parity

Screenshots

No response

Originally created by @ZPascal on GitHub (Jun 30, 2025). ### Feature Description ## Summary Currently, there is no built-in way to define global secrets at the system (instance-wide) level in Gitea that all repositories and workflows can access. This makes it difficult to centrally manage shared secrets such as tokens, credentials, or organization-wide configurations for use in Gitea Actions. ## Why is this needed In many CI/CD environments, it's common to define secrets, such as Docker Hub tokens, internal API keys, or shared environment variables, once and reuse them across multiple repositories. Without global secrets, each repository must duplicate these secrets manually, which is inefficient and error-prone. ## Proposed Solution Introduce support for global secrets that can be defined at the system (admin) level and made available to all repositories running Gitea Actions. Ideally, this would include: - A new admin interface: Site Administration → Actions → Secrets - Fine-grained controls to limit visibility (e.g., to certain organizations or runners) - Ability to override global secrets at the repository level if needed - Secure storage of global secrets, similar to repository-level secrets ## Benefits - Centralized management of shared secrets - Reduced duplication and maintenance effort - Improved security and consistency - Better scalability for organizations using Gitea across many repositories ## Workaround (current state) Some administrators attempt to define environment variables directly on runners or hardcode secrets into custom action scripts — both of which are insecure and difficult to manage at scale. ## Related - Enhances usability of Gitea Actions - Would bring Gitea closer to GitHub Actions and GitLab CI feature parity ### Screenshots _No response_
GiteaMirror added the type/proposal label 2025-11-02 11:19:45 -06:00
Sign in to join this conversation.
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/gitea#14677