Skip to content
Latchkey

GitHub Actions secret is empty or undefined in an if condition

Secrets cannot be used in many if expressions directly and resolve to empty when undefined. A step gated on an unset secret silently skips, and one that requires it later fails confusingly.

What this error means

A step guarded by an if that checks a secret never runs (or always runs), because the secret is empty/undefined where the condition is evaluated.

github-actions
if: ${{ secrets.DEPLOY_KEY != '' }}   # evaluates with an empty secret -> step skipped

Common causes

Secret undefined for this context

The secret is not set for the repo/environment, or is unavailable (fork PR), so it resolves to empty.

Secrets referenced where not permitted

Some condition contexts cannot read secrets directly, making the check unreliable.

How to fix it

Map the secret to an env var, then test that

  1. Assign the secret to a job/step-level env var.
  2. Reference env.<NAME> in the if condition instead of secrets.
  3. Confirm the secret exists for the target repo/environment.
.github/workflows/ci.yml
env:
  DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
steps:
  - if: env.DEPLOY_KEY != ''
    run: ./deploy.sh

How to prevent it

  • Surface secrets through env vars before testing them in if.
  • Verify secrets are defined for the target repo/environment.
  • Account for forks where secrets are unavailable.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →