Encrypted secrets allow you to store sensitive information in your repository configuraion.
Since a secret is exposed in workflow as an environment variable, its name should start with a letter and may only contain letters, numbers or underscores(_). Spaces are not allowed.
Secrets can be protected by a branch mask, only allowing to be used in workflows running on matching branches. For example, deployment keys should only be available to release or main branch. Using unrestricted secret in public repository is inherently insecure so it is prohibited.
Accessing your secret
To make a secret available to a workflow, it must be referred in a workflow configuration file. For more information see Workflow Configuration.