Provisioning of encrypted secrets to runner

[laurentsimon]

The doc https://docs.github.com/en/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow is a bit vague about how secrets are provisioned to runners. I'd like to understand better which secrets are exposed to a workflow:

1. GH scans the workflow to run and unseals the secrets, then launch a request for a runner and gives the decrypted secrets. The runner, as it executes scripts / jobs, uses these secrets where they are referenced, e.g. in env variable and scripts. It's not possible for secrets that are not referenced by the job to be stolen.

2. The runner initially has no access to secrets. Each time it needs a secrets (e.g., when it parse scripts) it makes a REST API call to GH to get the secret. This means secrets that are not references by a job / workflow can be leaked anyway. From a security perspective, this is worse.

Which one is it? Can we update the documentation with this additional information?

[ChristopherHX]

Which one is it?

Neither of the two points, I think the docu is just wrong.

Based on the docu I would come to the conclusion it is your first point.

Based on runner diagnostic logs (Download logs archive) ${{ secrets.TEST }} make secret TEST sent to the runner. (https://github.com/ChristopherHX/osx-packaging-scripts/actions/runs/4208156667/jobs/7303851948). Due the missing secret TEST there is no secret in the variables array of the job request.

Based on runner diagnostic logs (Download logs archive) and job log if you reference ${{tojson(secrets)}}, then all available secrets are sent to the runner (https://github.com/ChristopherHX/osx-packaging-scripts/actions/runs/4208172750/jobs/7303885076)

Based on my experience it is the following:

The Actions Service sends all available secrets to the actions/runner. The only way the remove access to secrets is by using reusable workflows.

If you don't believe me, just print the secrets object and you will see the keys of your secrets. The actions/runner will mask the json encoded secrets just fine. I have proven wrong

A step, which leaks all secrets

```yaml - run: echo "$ALL_MY_SECRETS" env: ALL_MY_SECRETS: ${{ tojson(secrets) }} ```

[laurentsimon]

I don't think that answers my question. In your case, it sends all the secrets could be because in option (1), it knows the workflows has referenced them thru secrets; or it could be in option (2) that the runner requests them from GitHub when "lazily" when it parses the script.

What I'm asking is how it is implemented. Each option provides different guarantees

[ChristopherHX]

actions/runner don't have the code for option 2 and GitHub doesn't permit retrieving secrets via rest apis.

[ChristopherHX]

@laurentsimon Oh you are right ${{ tojson(secrets) }} is exposing them. I was a bit naiv.

It's option 1.

Thank you for pointing it out, I edited my intial comment and crossed out my wrong claims.