Instance-level secrets

[jbgomond]

Feature Description

Hello,

Currently, we have user, organization and repository secrets.
But I'm in a case where the secrets will be the same across all the instance. Today, I have to duplicate all values in all organizations.

Would it be a good idea to have them also at the server level ?
Of course, that would apply also to variables, recently added.

Best regards

Screenshots

No response

[lunny]

What's your use case?

[jbgomond]

I am trying out the actions to replace our current external pipeline when it becomes stable.
It works fine, but our Gitea server is dedicated for projects owned by the firm, and we are sending the docker images to the same registry that needs a login/password.

Today, with secrets at the organization level being the highest, I need to duplicate the DOCKER_LOGIN and DOCKER_PASSWORD secrets to all of them. And if they change, we need to update more than 50 orgs.

Server level secrets would mean being able to set those common values once, by the server administrator. They could be overwritten by organization, repository or user secrets if needed on a case-by-case basis.

[jbgomond]

I saw the proposal was accepted, thanks ! I'm willing to work on it if no one has started yet :)

[puni9869]

Could you explain this for me once again with a use case, specially the instance is that a gitea cluster instance or single instance. If you have org level secrets you can share among all, saying that I would like to learn more about this problem.

[jbgomond]

We have a single instance, with secrets that must be shared across all orgs. These secrets are to access to a docker registry in my case. Today, I have to duplicate these credentials in all orgs. Tomorrow, with the PR, I can set them once at the instance level, so they apply across all orgs.