GH-200 Question #87: Real Exam Question with Answer & Explanation

Question

Your organization is managing secrets using GitHub encrypted secrets, including a secret named SuperSecret. As a developer, you need to create a version of that secret that contains a different value for use in a workflow that is scoped to a specific repository named MyRepo. How should you store the secret to access your specific version within your workflow?

Options

• ACreate MyRepo_SuperSecret in GitHub encrypted secrets to specify the scope to MyRepo.
• BCreate a duplicate entry for SuperSecret in the encrypted secret store and specify MyRepo as the
• CCreate a file with the SuperSecret information in the .github/secrets folder in MyRepo.
• DCreate and access SuperSecret from the secrets store in MyRepo.

Explanation

To override an organization-level secret with a different value for a specific repository, you create a scoped duplicate of that secret targeted at the repository, which takes precedence during workflow execution.

Common mistakes.

• A. GitHub does not use naming conventions or prefixes like 'MyRepo_SuperSecret' to infer repository scope; secret scoping is configured through explicit repository access settings in the secrets management UI or API, not through name construction.
• C. GitHub does not support storing secrets as plain files in a .github/secrets directory; all encrypted secrets must be stored through the GitHub encrypted secrets store to be securely injected into workflows.
• D. Simply creating SuperSecret in MyRepo's secrets store describes a valid repository secret but does not explicitly address the scoping configuration needed to ensure the repository-level value overrides the existing organization-level secret for that specific repository.

Concept tested. GitHub encrypted secrets organization and repository scoping override

Reference. https://docs.github.com/en/actions/security-for-github-actions/security-guides/using-secrets-in-github-actions

No community discussion yet for this question.