Share GitHub Tokens Securely

The problem

GitHub personal access tokens and deploy keys grant direct access to repositories, CI/CD pipelines, and organization resources. Sharing them over Slack or email leaves them in searchable message histories where automated scanners and malicious actors can harvest them. GitHub actively scans for leaked tokens but cannot protect credentials already stored in chat logs.

How Vaulted helps

Vaulted encrypts your GitHub token client-side with AES-256-GCM before it ever leaves your browser. The self-destructing link ensures the token is available only until the recipient retrieves it. Zero-knowledge architecture means the Vaulted server never has access to your token in plaintext.

How to do it

1. Paste your GitHub personal access token or deploy key into Vaulted
2. Set a single-view limit and a short expiration window
3. Share the encrypted link with the developer who needs repository access
4. They copy the token, configure their environment, and the link self-destructs

Share GitHub tokens from the command line

Use the Vaulted CLI to share GitHub tokens without opening a browser: npx vaulted-cli "ghp_xxxxxxxxxxxx" --views 1 --expires 1h. Add a passphrase for extra security: npx vaulted-cli "ghp_xxxxxxxxxxxx" -v 1 -p mypassphrase. Install globally with npm install -g vaulted-cli.

Share GitHub tokens in GitHub Actions

Use the Vaulted GitHub Action to share tokens in CI/CD workflows: uses: vaulted-fyi/share-secret@v1 with your GitHub token as the secret input. The action encrypts client-side and outputs a self-destructing link. Available on GitHub Marketplace.