Clarify Actions secrets unavailable for Dependabot-triggered workflows (#57036)

Co-authored-by: mc <42146119+mchammer01@users.noreply.github.com>
2025-12-19 18:10:59 -05:00 · 2025-08-11 03:06:29 -05:00
parent 0123c1173f
commit 8c13128807
1 changed files with 2 additions and 1 deletions
--- a/content/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets.md
+++ b/content/actions/how-tos/write-workflows/choose-what-workflows-do/use-secrets.md
@@ -167,7 +167,8 @@ You can check which access policies are being applied to a secret in your organi
 > [!NOTE]
 > * {% data reusables.actions.forked-secrets %}
 > * Secrets are not automatically passed to reusable workflows. For more information, see [AUTOTITLE](/actions/using-workflows/reusing-workflows#passing-inputs-and-secrets-to-a-reusable-workflow).
-> {% data reusables.actions.about-oidc-short-overview %}
+> * Secrets are not available to workflows triggered by {% data variables.product.prodname_dependabot %} events. For more information, see [AUTOTITLE](/code-security/dependabot/troubleshooting-dependabot/troubleshooting-dependabot-on-github-actions#accessing-secrets).
+> * {% data reusables.actions.about-oidc-short-overview %}

 > [!WARNING] Mask all sensitive information that is not a {% data variables.product.prodname_dotcom %} secret by using `::add-mask::VALUE`. This causes the value to be treated as a secret and redacted from logs.