From 980ebc9d0609803fe0ee0e11abf74ffc75913e12 Mon Sep 17 00:00:00 2001 From: Murukesh Mohanan Date: Fri, 25 Dec 2020 17:14:28 +0900 Subject: [PATCH 1/2] Clarify access level needed for secrets in web interface Closes #1087 I considered changing the `permissions-statement-secrets-repository` reusable to include a reference to the API, but then I noticed that the other place using it (["Enabling debug logging"][1]) already mentioned the API, so instead I added a note. Including a mention of "web interface" lead to (IMO) too much duplication in text, so I rephrased it to be more like the `permissions-statement-secrets-api` reusable. [1]: https://docs.github.com/en/free-pro-team@latest/actions/managing-workflow-runs/enabling-debug-logging --- content/actions/reference/encrypted-secrets.md | 6 ++++++ .../permissions-statement-secrets-repository.md | 2 +- 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/content/actions/reference/encrypted-secrets.md b/content/actions/reference/encrypted-secrets.md index f7f502c99d00..0d9b03061c29 100644 --- a/content/actions/reference/encrypted-secrets.md +++ b/content/actions/reference/encrypted-secrets.md @@ -75,6 +75,12 @@ When generating credentials, we recommend that you grant the minimum permissions If your repository {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %}has environment secrets or {% endif %}can access secrets from the parent organization, then those secrets are also listed on this page. +{% note %} + +**Note:** Users with collaborator access can use the REST API to manage secrets for a repository. For more information, see "[{% data variables.product.prodname_actions %} secrets API](/rest/reference/actions#secrets)." + +{% endnote %} + {% if currentVersion == "free-pro-team@latest" or currentVersion ver_gt "enterprise-server@3.0" %} ### Creating encrypted secrets for an environment diff --git a/data/reusables/github-actions/permissions-statement-secrets-repository.md b/data/reusables/github-actions/permissions-statement-secrets-repository.md index 0333c71723ba..17aed4665650 100644 --- a/data/reusables/github-actions/permissions-statement-secrets-repository.md +++ b/data/reusables/github-actions/permissions-statement-secrets-repository.md @@ -1 +1 @@ -To create secrets for a user account repository, you must be the repository owner. To create secrets for an organization repository, you must have `admin` access. +To manage secrets using the web interface, you must be the repository owner for a user account repository, or have `admin` access for an organization repository. From e7445c67a6b796d602a4e32c852b3617d6e1e9a1 Mon Sep 17 00:00:00 2001 From: hubwriter Date: Wed, 3 Mar 2021 17:15:42 +0000 Subject: [PATCH 2/2] Update data/reusables/github-actions/permissions-statement-secrets-repository.md I'm going to go ahead and change this back. --- .../github-actions/permissions-statement-secrets-repository.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/reusables/github-actions/permissions-statement-secrets-repository.md b/data/reusables/github-actions/permissions-statement-secrets-repository.md index 17aed4665650..0333c71723ba 100644 --- a/data/reusables/github-actions/permissions-statement-secrets-repository.md +++ b/data/reusables/github-actions/permissions-statement-secrets-repository.md @@ -1 +1 @@ -To manage secrets using the web interface, you must be the repository owner for a user account repository, or have `admin` access for an organization repository. +To create secrets for a user account repository, you must be the repository owner. To create secrets for an organization repository, you must have `admin` access.