[daily secrets] Daily Secrets Analysis Report - 2026-03-31

[github-actions[bot]]

🔐 Daily Secrets Analysis Report

Date: 2026-03-31
Workflow Files Analyzed: 178
Run: §23822098059

---

📊 Executive Summary

Metric	Value
Total secrets.* references	3,697 lines
github.token references	725
Unique secret names	26
Workflows using secrets	178 / 178 (100%)
Workflows with redaction	178 / 178 (100%) ✅
Explicit permission blocks	178 / 178 (100%) ✅
Secrets exposed in job outputs	0 ✅

---

🛡️ Security Posture

✅ Universal Redaction: All 178 workflows include redact_secrets steps — no unmasked secrets in logs
✅ Permissions Defined: All 178 workflows have explicit permissions: blocks — no over-permissioned workflows
✅ No Output Leakage: Zero instances of secrets referenced in outputs: blocks
✅ Token Cascade Pattern: All workflows use GH_AW_GITHUB_MCP_SERVER_TOKEN || GH_AW_GITHUB_TOKEN || GITHUB_TOKEN fallback chains for resilient auth
⚠️ HTTP MCP Header Injection: 2 workflows embed secrets.TAVILY_API_KEY directly inside MCP HTTP header JSON configs in run: blocks (see details below)

---

🎯 Key Findings

1. GitHub tokens dominate (84.3%): The vast majority of secret usage (5,541 individual refs across 9 names) is GitHub access tokens, reflecting the GitHub-native nature of these workflows. The token cascade pattern (GH_AW_GITHUB_MCP_SERVER_TOKEN → GH_AW_GITHUB_TOKEN → GITHUB_TOKEN) ensures workflows remain functional across different repo configurations.

2. AI provider key distribution: 382 references across ANTHROPIC (160), OPENAI (108), CODEX (108), GEMINI (4), and SENTRY_OPENAI (2) keys — Anthropic leads at 41.9% of AI provider secret usage, reflecting Claude/Anthropic being the primary non-Copilot AI engine.

3. MCP HTTP header secret interpolation pattern: scout.lock.yml and smoke-claude.lock.yml embed $\{\{ secrets.TAVILY_API_KEY }} directly inside JSON MCP configuration strings within run: blocks (for Tavily HTTP MCP server auth headers). GitHub masks secrets in logs, but this is a structural pattern difference from the standard env-variable approach.

---

💡 Recommendations

1. Review HTTP MCP header secret pattern: The secrets.TAVILY_API_KEY direct interpolation into MCP JSON configs (scout, smoke-claude) is functionally safe (GitHub masks values) but deviates from the env-var best practice. Consider if the compiler can emit these as env vars and reference them via $TAVILY_API_KEY in the JSON instead.

2. Monitor CODEX_API_KEY adoption: With 108 references (equal to OPENAI_API_KEY), Codex engine usage appears significant. Verify these are active workflows and not residual from migration.

3. CI trigger token scope audit: GH_AW_CI_TRIGGER_TOKEN appears in 42 workflows — periodically review which workflows genuinely need cross-repo trigger capabilities.

---

🔑 All 26 Secrets by Usage

Rank	Secret Name	References	Category
1	GITHUB_TOKEN	2,121	GitHub Auth
2	GH_AW_GITHUB_TOKEN	2,041	GitHub Auth (PAT)
3	GH_AW_GITHUB_MCP_SERVER_TOKEN	995	GitHub MCP Auth
4	COPILOT_GITHUB_TOKEN	307	GitHub Copilot Auth
5	ANTHROPIC_API_KEY	160	AI Provider
6	OPENAI_API_KEY	108	AI Provider
7	CODEX_API_KEY	108	AI Provider
8	GH_AW_CI_TRIGGER_TOKEN	42	GitHub Auth (PAT)
9	GH_AW_SIDE_REPO_PAT	19	GitHub Auth (PAT)
10	TAVILY_API_KEY	15	External Service
11	GH_AW_PROJECT_GITHUB_TOKEN	9	GitHub Auth (PAT)
12	NOTION_API_TOKEN	6	External Service
13	GH_AW_AGENT_TOKEN	6	GitHub Auth (PAT)
14	GEMINI_API_KEY	4	AI Provider
15	BRAVE_API_KEY	4	External Service
16	DD_SITE	3	Monitoring
17	DD_APPLICATION_KEY	3	Monitoring
18	DD_API_KEY	3	Monitoring
19	SENTRY_OPENAI_API_KEY	2	Monitoring
20	SENTRY_ACCESS_TOKEN	2	Monitoring
21	CONTEXT7_API_KEY	2	External Service
22	AZURE_TENANT_ID	2	Cloud Auth
23	AZURE_CLIENT_SECRET	2	Cloud Auth
24	AZURE_CLIENT_ID	2	Cloud Auth
25	SLACK_BOT_TOKEN	1	External Service
26	GH_AW_PLUGINS_TOKEN	1	GitHub Auth (PAT)

📂 Secret Categories Breakdown

Category	Secret Count	Total References	% of Total
GitHub Auth Tokens	9	5,541	84.3%
AI Provider Keys	5	382	5.8%
External Service Keys	5	28	0.4%
Monitoring (DD/Sentry)	5	13	0.2%
Cloud Auth (Azure)	3	6	0.1%

Note: Per-secret counts represent individual occurrences across all lines; total exceeds the 3,697 unique lines figure because some lines contain multiple secret references.

⚠️ HTTP MCP Header Pattern Detail

Two workflows contain secrets.TAVILY_API_KEY directly interpolated into MCP HTTP header JSON configuration strings inside run: blocks:

• scout.lock.yml line 772
• smoke-claude.lock.yml line 1976

"headers": {
  "Authorization": "Bearer $\{\{ secrets.TAVILY_API_KEY }}"
}

This pattern is used for HTTP MCP server authentication. GitHub Actions automatically masks secret values in logs, so there is no actual log leakage risk. However, the recommended pattern is to assign the secret to an environment variable first and reference it indirectly.

All other secrets follow the safe env-var pattern:

env:
  TAVILY_API_KEY: $\{\{ secrets.TAVILY_API_KEY }}

📖 Reference Documentation

• Secret usage specification: scratchpad/secrets-yml.md
• Redaction system: actions/setup/js/redact_secrets.cjs
• HTTP MCP headers: skills/http-mcp-headers.md

---

Generated: 2026-03-31T22:20Z
Workflow: daily-secrets

AI generated by Daily Secrets Analysis Agent · history

• expires on Apr 3, 2026, 10:25 PM UTC

[github-actions[bot]]

This discussion has been marked as outdated by Daily Secrets Analysis Agent.

A newer discussion is available at Discussion #23962.