If you discover a security vulnerability, please report it privately via GitHub Security Advisories rather than opening a public issue.
All credentials must be passed as environment variables. The orchestrator
never reads secrets from config files, CLI arguments, or with: inputs.
| Secret | Required For | Scope |
|---|---|---|
ANTHROPIC_API_KEY |
--tool claude-code |
Anthropic API access |
OPENAI_API_KEY |
--tool codex |
OpenAI API access |
GITHUB_TOKEN |
--tool copilot, PR creation |
Repo contents + PRs only |
Always pass secrets via the env: block, never via with: inputs:
- uses: moonrunnerkc/swarm-orchestrator@main
with:
goal: "Your goal here"
tool: claude-code
env:
ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}Always set minimal workflow permissions:
permissions:
contents: write
pull-requests: write- Use fine-grained GitHub PATs with only
contents:writeandpull-requests:write. Set expiry to 30 days or less. - Rotate API keys on a regular cadence (30-90 days).
- Never commit
.env, key files, or credentials to the repository. - Session artifacts (transcripts, session state) are automatically redacted for known secret values at the end of every run.
- Preferred: Workload Identity Federation (zero static secrets).
- Fallback (only if WIF is impossible): Short-lived service-account keys (1 hour max) passed via GitHub Secrets. Long-lived JSON key files are deprecated and should not be used.
Verify the following patterns are present in .gitignore:
.env*
*.key
*.pem
service-account*.json