npm package discovery and stats viewer.

Discover Tips

  • General search

    [free text search, go nuts!]

  • Package details

    pkg:[package-name]

  • User packages

    @[username]

Sponsor

Optimize Toolset

I’ve always been into building performant and accessible sites, but lately I’ve been taking it extremely seriously. So much so that I’ve been building a tool to help me optimize and monitor the sites that I build to make sure that I’m making an attempt to offer the best experience to those who visit them. If you’re into performant, accessible and SEO friendly sites, you might like it too! You can check it out at Optimize Toolset.

About

Hi, 👋, I’m Ryan Hefner  and I built this site for me, and you! The goal of this site was to provide an easy way for me to check the stats on my npm packages, both for prioritizing issues and updates, and to give me a little kick in the pants to keep up on stuff.

As I was building it, I realized that I was actually using the tool to build the tool, and figured I might as well put this out there and hopefully others will find it to be a fast and useful way to search and browse npm packages as I have.

If you’re interested in other things I’m working on, follow me on Twitter or check out the open source projects I’ve been publishing on GitHub.

I am also working on a Twitter bot for this site to tweet the most popular, newest, random packages from npm. Please follow that account now and it will start sending out packages soon–ish.

Open Software & Tools

This site wouldn’t be possible without the immense generosity and tireless efforts from the people who make contributions to the world and share their work via open source initiatives. Thank you 🙏

© 2025 – Pkg Stats / Ryan Hefner

gh-secrets-sync

v0.1.5

Published

CLI tool to batch sync GitHub Actions secrets across multiple repositories.

Downloads

124

Vulnerabilities

Powered byPowered by Snyk
  • 0High
  • 0Medium
  • 0Low

Links

Git

Maintainers

octohashoctohash

Keywords

githubactionssecretssync

Readme

GitHub Secrets Sync

npm version bundle JSDocs License

A CLI tool to batch sync GitHub Actions secrets across multiple repositories. Sync secrets from a central repository to target repositories using GitHub CI.

Why?

Managing GitHub Actions secrets across multiple repositories can be tedious:

  • Manual repetition: You need to manually add the same secret to each repository
  • Error-prone: Easy to forget to update a secret in one of the repositories

This tool automates the process, allowing you to sync secrets across multiple repositories with a single command.

Usage

Create a configuration file (secrets.config.yaml) in your central repository or local directory:

repos:
  - owner/vscode-*

envs:
  - VSCE_PAT
  - OVSX_PAT

[!NOTE] Both repos and envs support * wildcards. For repos, the tool lists all repositories accessible by your token and filters by the pattern (e.g., owner/vscode-*). For envs, wildcards are expanded by listing secrets from the central repository and matching by name. The central repository is auto-detected in GitHub Actions (from the checked-out repo); for local runs, pass --repo <owner/repo>.

Local usage

If GitHub CI feels too complex, you can simply run it locally:

# Set your token and secret values in env
export GH_PAT=...
export VSCE_PAT=...
export OVSX_PAT=...

npx gh-secrets-sync

GitHub CI usage

Set up GitHub CI in your central repository:

# .github/workflows/sync-secrets.yml
name: Sync Secrets

permissions:
  contents: write

on:
  push:
    branches: [main]
  schedule:
    - cron: '0 0 * * *'
  workflow_dispatch:

jobs:
  sync:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Set node
        uses: actions/setup-node@v4
        with:
          node-version: lts/*

      - name: Sync Secrets
        # if regex patterns are used in `repos` or `secrets` must set `--yes` in GitHub Actions
        run: npx gh-secrets-sync --yes
        env:
          GH_PAT: ${{secrets.GH_PAT}}
          VSCE_PAT: ${{secrets.VSCE_PAT}}
          OVSX_PAT: ${{secrets.OVSX_PAT}}

Configure secrets in your central repository:

  • Go to your central repository Settings > Secrets and variables > Actions
  • Add GH_PAT as a repository secret (this is your GitHub Personal Access Token)
  • Add VSCE_PAT and OVSX_PAT as repository secrets

How to Get Your GitHub Token

  1. Go to GitHub Personal Access Tokens
  2. Click "Generate new token"
  3. Give it a descriptive name like "Secrets Sync Tool"
  4. Select the required scopes:
    • Repository permissions > Secrets: Read and write
    • Repository permissions > Actions: Read and write
    • Metadata
  5. Click "Generate token"
  6. Add the token as a repository secret named GH_PAT in your central repository

License

MIT License © jinghaihan