Early access Faultline Teams — organizational memory for recurring CI failures across repos

CI secret or environment variable not available

A required secret or environment variable is not available in this CI job.

secrets-not-available medium confidence ci

Matched signals

  • secret.*not set
  • Context access might be invalid: secrets
  • Secret.*is not defined
  • No secret named
  • secrets.* is not available
  • Environment variable.*not found
  • Error: Input required and not supplied
  • secret value was not supplied

CI secret or environment variable not available

What this failure means

A required secret or environment variable is not available in this CI job. This commonly occurs when a secret was not provisioned for the target environment, when running from a fork, or when a protected variable is accessed by an unprotected branch or pipeline.

Symptoms

Faultline looks for one or more of these log fragments:

secret.*not set
Context access might be invalid: secrets
Secret.*is not defined
No secret named
secrets.* is not available
Environment variable.*not found
Error: Input required and not supplied
secret value was not supplied

Diagnosis

A required secret or environment variable is not available in this CI job. This commonly occurs when a secret was not provisioned for the target environment, when running from a fork, or when a protected variable is accessed by an unprotected branch or pipeline.

Fix steps

  1. Verify the secret is defined at the correct scope (repository, environment, project, group, or context).
  2. GitHub Actions: secrets are unavailable in fork PRs — move secret-using steps to post-merge jobs or use pull_request_target carefully.
  3. GitHub Actions: check the job’s environment: setting and confirm the secret is defined in that environment, not just at the repo level.
  4. GitLab CI: ensure the variable is not marked ‘protected’ if the pipeline runs on an unprotected branch.
  5. CircleCI: confirm the context has been shared with the project and the triggering user has access to it.
  6. Jenkins: verify the credentials ID in the withCredentials block exactly matches the credential defined in Credentials Manager.
  7. Azure Pipelines: check the variable group is linked to the pipeline and the variable is not set as secret without proper permissions.

Validation

  • Re-run the failing workflow step.
  • Confirm the original failure signature for CI secret or environment variable not available is gone.

Why it matters

CI platforms restrict secret access for security. GitHub Actions withholds secrets from fork PRs. GitLab CI exposes masked/protected variables only to protected branches. CircleCI restricts context access by project membership. Any mismatch between where secrets are defined and where the job runs causes the secret to appear empty or undefined.

Prevention

  • Separate secret-consuming jobs from untrusted PR jobs; run deploy and publish steps only after merge.
  • Document which CI variables are needed, their scope, and which environments provide them.
  • Add a validation step that lists required environment variables and fails fast if any are missing.
  • Periodically audit secret definitions to remove stale credentials and ensure all referenced secrets are provisioned.

Try it locally

printenv | sort
echo "VAR set: $(test -n "$VAR_NAME" && echo yes || echo NO)"

How Faultline detects it

Use faultline explain secrets-not-available to see the full playbook.

faultline analyze build.log
faultline explain secrets-not-available

Generated from playbooks/bundled/log/ci/secrets-not-available.yaml. Do not edit directly.

Try it on your own failed log

$ faultline analyze failed.log
Install Faultline CLI View on GitHub
Want this across every CI run? Faultline Teams tracks recurring failures across all your repos and surfaces patterns in a shared dashboard.