How to Hide API Key in GitHub: 1-Min Guide

How to Hide API Key in GitHub

Updated on:

May 12, 2026

By:

Use this interactive demo to learn how to securely store an API key as a GitHub repository secret.

Quick summary

This tutorial shows how to hide an API key in GitHub by storing it as an encrypted repository secret under Actions settings. Using GitHub Secrets keeps sensitive credentials out of your source code and safely accessible to your CI/CD workflows.

Steps

Navigate to your desired repository.
Click on the Settings tab.
Under Security, select Secrets and variables.
Select Actions.
Click New repository secret.
Add your secret name in the empty field.
Provide the value of the secret — your actual API key.
Click Add secret to complete the action.

📌 Why this matters

Exposing API keys in source code is one of the most common and costly security mistakes developers make. GitHub repository secrets let teams store sensitive credentials — like API keys, tokens, and passwords — as encrypted environment variables that are never visible in your codebase. This approach ensures that only authorized GitHub Actions workflows can access the secret at runtime, reducing the risk of credential leaks and unauthorized access. Using GitHub Secrets is a best practice for any team building secure, automated CI/CD pipelines.

Your product deserves an interactive demo

Start free

How to Import a Project from GitHub to Replit

How to Push Code from Replit to GitHub

How to Connect Replit to GitHub