GitHub deliberately won't show you a secret's value after it's saved — you can only overwrite it. Usually that's fine. But sometimes the value you stored is the only surviving copy of something you need back — a signing password, an API key you didn't save elsewhere — and you have write access to the repo's workflows.
You can recover it. Here's the specific workaround.
Why the obvious tricks fail
GitHub scans log output and replaces any exact match of a registered secret with ***:
- run: echo "${{ secrets.MY_SECRET }}" # -> ***








