vault/website/content/docs/platform/github-actions.mdx

---
layout: docs
page_title: GitHub actions
description: >-
  Use GitHub action workflow to leverage secrets stored in Vault using vault-action.
---

# GitHub actions

Workflows in GitHub Actions can make use of secrets stored in Vault by using a
[`vault-action`](https://github.com/marketplace/actions/hashicorp-vault) step.

## Example

Here is an example `vault-action` step in a workflow:

```yaml
jobs:
    build:
        # ...
        steps:
            # ...
            - name: Import Secrets
              uses: hashicorp/vault-action@v2.4.0
              with:
                url: https://vault.example.com:8200
                token: ${{ secrets.VAULT_TOKEN }}
                caCertificate: ${{ secrets.VAULT_CA_CERT }}
                secrets: |
                    secret/data/ci/aws accessKey | AWS_ACCESS_KEY_ID ;
                    secret/data/ci/aws secretKey | AWS_SECRET_ACCESS_KEY ;
                    secret/data/ci npm_token
```

This example will authenticate to Vault instance at `https://vault.example.com:8200` with the GitHub secrets defined in
`VAULT_TOKEN` and `VAULT_CA_CERT`, and will add environment variables available for next steps in the workflow:
-  The secret at path `secret/data/ci/aws` with the key `accessKey` available in the environment variable `AWS_ACCESS_KEY_ID`
-  The secret at path `secret/data/ci/aws` with the key `secretKey` available in the environment variable `AWS_SECRET_ACCESS_KEY`
-  The secret at path `secret/data/ci` with the key `npm_token` available in the environment variable `NPM_TOKEN`

## Further information

For more information on using the `vault-action` GitHub Action, visit:

- [Vault GitHub action documentation](https://github.com/marketplace/actions/hashicorp-vault)
- [Vault GitHub actions tutorial](/vault/tutorials/app-integration/github-actions)