GitHub Dotenv Secrets
gh-import-dotenv-to-secrets is a small helper for copying simple .env entries into GitHub Actions repository secrets.
Use it only in the repository that should receive the secrets. It has no dry-run mode and gh secret set overwrites secrets with matching names.
Input format
Section titled “Input format”The script reads .env from the current directory:
KEY=valueQUOTED="value"SINGLE_QUOTED='value'It skips empty keys and lines whose key starts with #.
For each remaining line, it strips one leading and trailing single or double quote from the value, then runs:
gh secret set "$key" -b"$value_no_quotes"Run it
Section titled “Run it”From the target GitHub repository:
gh auth statusgh repo view --json nameWithOwnergh-import-dotenv-to-secretsVerify the resulting secret names:
gh secret listWhat it is not
Section titled “What it is not”This helper is not a full dotenv parser. Avoid using it for:
- Multiline values.
export KEY=valuesyntax.- Values containing unescaped
=that need exact dotenv parsing semantics. - Environment or organisation secrets.
- Selective import.
For those cases, use gh secret set directly.
Safer manual alternative
Section titled “Safer manual alternative”For one or two secrets, prefer setting them explicitly:
gh secret set MY_SECRET -b"$MY_SECRET"That keeps the target secret name and value source obvious.
Troubleshooting
Section titled “Troubleshooting”If the command writes to the wrong repository, stop and rotate or replace the affected secrets in GitHub. Then rerun from the correct repository.
If a value imports with quotes still attached, set that secret manually with gh secret set. This wrapper only strips a simple matching quote at the beginning and end.
If gh secret set fails, check GitHub authentication and repository permissions:
gh auth statusgh repo view --json nameWithOwner