Skip to content
Latchkey

GitHub Actions "secret too large (64KB limit)"

Individual GitHub Actions secrets are capped at 64KB. Storing a large file (a full keystore, a PEM bundle, a config blob) as one secret exceeds the limit. This is a deterministic limit, not a flake.

What this error means

Saving or using a secret fails because the value is larger than the maximum allowed size.

github-actions
Error: Encrypted secret value is too large. The maximum size for a secret is 64 KB.

Common causes

Large file stored as one secret

A keystore, certificate chain, or config file larger than 64KB cannot be a single secret.

Base64 inflation

Base64-encoding a near-limit binary pushes it over 64KB.

How to fix it

Encrypt the file and store only the key

  1. Commit the large file encrypted (e.g. with a tool like sops or gpg) and store only the decryption key as a secret.
  2. Decrypt it in the workflow at runtime.
  3. Or split very large values, though encryption is the cleaner approach.
.github/workflows/build.yml
- run: gpg --quiet --batch --yes --decrypt \
    --passphrase="${{ secrets.LARGE_FILE_KEY }}" \
    --output keystore.jks keystore.jks.gpg

How to prevent it

  • Store only small secrets directly; encrypt large files and keep the key as the secret.
  • Avoid base64-encoding near-limit binaries into a single secret.

Related guides

Tired of flaky CI? Latchkey auto-heals failed jobs and retries them for you. Start free →