GitHub Actions secret is empty or undefined in an if condition
Secrets cannot be used in many if expressions directly and resolve to empty when undefined. A step gated on an unset secret silently skips, and one that requires it later fails confusingly.
What this error means
A step guarded by an if that checks a secret never runs (or always runs), because the secret is empty/undefined where the condition is evaluated.
github-actions
if: ${{ secrets.DEPLOY_KEY != '' }} # evaluates with an empty secret -> step skippedCommon causes
Secret undefined for this context
The secret is not set for the repo/environment, or is unavailable (fork PR), so it resolves to empty.
Secrets referenced where not permitted
Some condition contexts cannot read secrets directly, making the check unreliable.
How to fix it
Map the secret to an env var, then test that
- Assign the secret to a job/step-level env var.
- Reference env.<NAME> in the if condition instead of secrets.
- Confirm the secret exists for the target repo/environment.
.github/workflows/ci.yml
env:
DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
steps:
- if: env.DEPLOY_KEY != ''
run: ./deploy.shHow to prevent it
- Surface secrets through env vars before testing them in if.
- Verify secrets are defined for the target repo/environment.
- Account for forks where secrets are unavailable.
Related guides
GitHub Actions "Unrecognized named-value: 'secrets'" Where UnavailableFix GitHub Actions "Unrecognized named-value: `secrets`" - using the secrets context in runs-on, a service im…
GitHub Actions Secrets Empty in Fork Pull RequestsUnderstand why GitHub Actions secrets are empty in pull requests from forks - pull_request runs from forks ge…
GitHub Actions "Input required and not supplied: github-token"Fix GitHub Actions "Input required and not supplied: github-token" - an action needs a github-token input tha…