In today's fast-paced development environment, automation and DevOps is key. However, this often requires the handling of sensitive information such as API keys, credentials, and other secrets. Managing these securely is crucial to avoid unauthorised access and data breaches. In this talk we explore the best practices for managing sensitive information in GitHub automation workflows by using GitHub Secrets starting from basic usage in the GitHub Website UI and giving a general overview and feel for GitHub Secrets and why you would want to use them. Then move on to a more advanced integration where we look at how we can store Secrets securely in Azure Key Vault and how to integrate GitHub automation Workflows with Azure for retrieving Secrets from Key Vault to use in workflows, giving another flexible way of using secrets in code and offers a more centralised management of Secrets.