Secrets are encrypted environment variables that you create in a Git repository or organization. The secrets you create are available to use in GitHub Actions workflows. GitHub uses a libsodium sealed box to help ensure that secrets are encrypted before they reach GitHub, and remain encrypted until you use them in a workflow.
You can create a personal access token and use it in place of a password when performing Git operations over HTTPS with Git on the command line or the API.
Below is a list of Github Secrets or Tokens enabled and what they are enabled for.
|Secret/Token||repository where enabled||destination application||destination definition||In LastPass ?||Notes|
|DOCKERHUB_USER||https://github.com/apache/arrow/settings/secrets||https://cloud.docker.com/u/apache/repository/docker/apache/arrow-dev||the asfjenkins user||Yes - search asfjenkins dockerhub||The 'asfjenkins' user is a limited scope user, sole member of the 'jenkins' team in Dockerhub. As such, the 'jenkins' team needs to be added as 'Admin' to any repos in dockerhub where the token(s) will be used.|
|DOCKERHUB_TOKEN||https://github.com/apache/arrow/settings/secrets||https://cloud.docker.com/u/apache/repository/docker/apache/arrow-dev||Token created as the asfjenkins dockerhub user||Yes - search asfjenkins dockerhub|
|SONARCLOUD_TOKEN||various ASF Github projects - set as a global secret at https://github.com/organizations/apache/settings/secrets/actions||https://sonarcloud.io/organizations/apache/projects||Token created as gmcdonald sonarcloud.io user||Yes, search sonarcloud||Global scope for all sonarcloud.io projects|