What Is a Pipeline Secret Scope?
A pipeline secret scope is the boundary that controls where a secret can be read within a CI/CD system. It limits a credential to particular jobs, branches, or deployment environments rather than exposing it to every step in the pipeline. Scoping follows the principle of least privilege for build-time secrets.
Why it matters
A secret available to every job is a secret one compromised step can exfiltrate. Tight scoping shrinks the blast radius if any single job is exploited.
Related guides
What Is an Environment-Scoped Secret?An environment-scoped secret is a credential bound to one deployment environment, so a job can read it only w…
What Is Secret Inheritance?Secret inheritance is how a called workflow receives secrets from its caller, controlling whether downstream…
What Is an Organization Secret?An organization secret is a credential defined once at the org level and shared across many repositories, avo…