[EDI] Create a brief conceptual article on GitHub secrets (#59240)

sabrowning1 · web-flow · commit b06dbb69f263 · 2026-01-22T13:31:13.000Z
diff --git a/content/code-security/concepts/secret-security/github-secret-types.md b/content/code-security/concepts/secret-security/github-secret-types.md
@@ -0,0 +1,29 @@
+---
+title: GitHub secret types
+intro: Learn about the different types of secrets used by {% data variables.product.github %}.
+versions:
+  fpt: '*'
+  ghes: '*'
+  ghec: '*'
+topics:
+  - Secret scanning
+  - Secret Protection
+  - Dependabot
+  - Actions
+  - Codespaces
+contentType: concepts
+---
+
+{% data variables.product.github %} secrets are used to securely store sensitive information like API keys, tokens, and passwords in repositories.
+
+When you store the sensitive information as a {% data variables.product.github %} secret, you remove the need to hardcode the credential or key, and prevent exposure of it in your code or logs. The secret can then be used to authenticate services, manage credentials, and securely pass sensitive data in workflows.
+
+There are {% ifversion fpt or ghec %}three {% else %}two {% endif %}types of secrets used by {% data variables.product.github %}:
+
+* {% data variables.product.prodname_dependabot %} secrets
+* Actions secrets{% ifversion fpt or ghec %}
+* {% data variables.product.prodname_codespaces %} secrets{% endif %}
+
+Depending on the {% data variables.product.github %} secret type, you can create and manage secrets under your repository, organization, or personal account security settings page.
+
+For information on the usage, scope, permissions, and limitations of each secret type, see [AUTOTITLE](/code-security/reference/secret-security/understanding-github-secret-types).
diff --git a/content/code-security/concepts/secret-security/index.md b/content/code-security/concepts/secret-security/index.md
@@ -17,6 +17,7 @@ children:
   - /about-alerts
   - /about-delegated-bypass-for-push-protection
   - /about-secret-scanning-for-partners
+  - /github-secret-types
   - /working-with-push-protection-and-the-github-mcp-server
   - /working-with-push-protection-from-the-rest-api
 redirect_from:
diff --git a/content/code-security/reference/secret-security/understanding-github-secret-types.md b/content/code-security/reference/secret-security/understanding-github-secret-types.md
@@ -16,25 +16,11 @@ redirect_from:
 contentType: reference
 ---
 
-## About {% data variables.product.github %}'s secret types
-
-{% data variables.product.github %} secrets are used to securely store sensitive information like API keys, tokens, and passwords in repositories.
-
-When you store the sensitive information as a {% data variables.product.github %} secret, you remove the need to hardcode the credential or key, and prevent exposure of it in your code or logs. The secret can then be used to authenticate services, manage credentials, and securely pass sensitive data in workflows.
-
-There are {% ifversion fpt or ghec %}three {% else %}two {% endif %}types of secrets used by {% data variables.product.github %}:
-
-* [{% data variables.product.prodname_dependabot %} secrets](#dependabot-secrets)
-* [Actions secrets](#actions-secrets){% ifversion fpt or ghec %}
-* [{% data variables.product.prodname_codespaces %} secrets](#codespaces-secrets){% endif %}
-
-Depending on the {% data variables.product.github %} secret type, you can create and manage secrets under your repository, organization, or personal account security settings page.
-
 {% ifversion fpt or ghec %}
 
-### Understanding how {% data variables.product.github %} stores secrets
+## How {% data variables.product.github %} stores secrets
 
-{% data variables.product.github %} uses [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to encrypt secrets. A secret is encrypted before reaching {% data variables.product.github %} and remains encrypted until it's used by the relevant service ({% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_actions %}, or {% data variables.product.prodname_codespaces %}).
+{% data variables.product.github %} uses [Libsodium sealed boxes](https://libsodium.gitbook.io/doc/public-key_cryptography/sealed_boxes) to encrypt secrets. A secret is encrypted before reaching {% data variables.product.github %} and remains encrypted until it's used by {% data variables.product.prodname_dependabot %}, {% data variables.product.prodname_actions %}, or {% data variables.product.prodname_codespaces %}.
 
 {% endif %}
 
