GitHub Actions "secret too large (64KB limit)"
Individual GitHub Actions secrets are capped at 64KB. Storing a large file (a full keystore, a PEM bundle, a config blob) as one secret exceeds the limit. This is a deterministic limit, not a flake.
What this error means
Saving or using a secret fails because the value is larger than the maximum allowed size.
github-actions
Error: Encrypted secret value is too large. The maximum size for a secret is 64 KB.Common causes
Large file stored as one secret
A keystore, certificate chain, or config file larger than 64KB cannot be a single secret.
Base64 inflation
Base64-encoding a near-limit binary pushes it over 64KB.
How to fix it
Encrypt the file and store only the key
- Commit the large file encrypted (e.g. with a tool like sops or gpg) and store only the decryption key as a secret.
- Decrypt it in the workflow at runtime.
- Or split very large values, though encryption is the cleaner approach.
.github/workflows/build.yml
- run: gpg --quiet --batch --yes --decrypt \
--passphrase="${{ secrets.LARGE_FILE_KEY }}" \
--output keystore.jks keystore.jks.gpgHow to prevent it
- Store only small secrets directly; encrypt large files and keep the key as the secret.
- Avoid base64-encoding near-limit binaries into a single secret.
Related guides
GitHub Actions "step output exceeds max size"Fix the GitHub Actions error where a step writes an output to GITHUB_OUTPUT that exceeds the allowed size.
GitHub Actions cache "size exceeds 10GB limit"Fix the GitHub Actions cache error where a single cache entry exceeds the 10GB per-cache size limit.
GitHub Actions docker build "--secret id not provided"Fix the GitHub Actions docker build error where a Dockerfile RUN --mount=type=secret references a secret id t…