Do you know how to handle special characters in GitHub Secrets and Variables?

Updated by Brady Stroud [SSW] 1 year ago.


GitHub Secrets and Variables are an invaluable way to store sensitive information such as API keys, tokens, and passwords for use in your GitHub Actions. However, it's important to understand how special characters are handled in order to avoid issues in your workflows.
Values stored as Secrets and Variables in GitHub commonly contain special characters (for example: "$", "&", "(", ")", "<", ">"). We have a few ways to use these in our GitHub Actions:

1. ❌ **Bad** - Referencing the raw text as-is
2. ✅ **Good** - Referencing the raw text in enclosing quotes
3. ✅ **Best** - Escaping all special characters when saving the Secret or Variable

### ❌ Referencing as-is

Storing text containing special characters in a Secret or Variable and referencing it directly in our Action can lead to issues, as it might not be interpreted as text as intended.


<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "default",
    figure: 'A Secret or Variable with special characters can cause issues if improperly handled',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/secret-with-parentheses.png"
/>

<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "badExample",
    figure: 'Bad example - Accessing this Secret as-is will lead to a syntax error in our Action',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/action-no-quotes.png"
/>


<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "default",
    figure: 'A syntax error is thrown due to the special characters',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/parentheses-error.png"
/>

### ✅ Referencing in quotes

One simple way to avoid this is to wrap your Secrets or Variables in single or double quotes when using them in your GitHub Actions. This will ensure that these are not interpreted incorrectly and will be treated as a string.

<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "goodExample",
    figure: 'Good example - Wrapping our Secret in quotes means it will be correctly treated as text',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/action-with-quotes.png"
/>


<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "default",
    figure: 'Our Secret is now handled correctly when wrapped in quotes',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/output-with-quotes.png"
/>

However, it's important to note that this can still cause issues in certain scenarios. For instance, if the Secret or Variable contains double quotes and is also wrapped in double quotes in our Action, the resulting string cannot be parsed and an error is thrown.

<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "badExample",
    figure: 'Bad example - Trying to wrap this Secret in double quotes will lead to an error',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/secret-with-quote.png"
/>


<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "default",
    figure: 'The lone double quote character means this string cannot be interpreted correctly',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/quote-error.png"
/>

### ✅ Escaping all special characters when storing Secret or Variable (Recommended)

A better way to handle this is to escape these special characters when storing your Secret or Variable. This can be done by adding a backslash (`\`) before each special character. This will ensure that these characters are interpreted as literal characters and will also help prevent potential ambiguity from using enclosing quotes.

<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "goodExample",
    figure: 'Good (best) example - Escaping the special characters means this string will be interpreted correctly',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/escaped-secret.png"
/>


<imageEmbed
  alt="Image"
  size="large"
  showBorder={false}
  figureEmbed={{
    preset: "default",
    figure: 'The escaped characters mean our string is now interpreted correctly without the need to wrap in quotes',
    shouldDisplay: true
  }}
  src="/uploads/rules/handle-special-characters-on-github/output-escaped.png"
/>
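
The three approaches above can be reproduced locally. This added example (not from the original rule; the sample values `pass(word)` and `pass"word` and the helper names `run_step`, `escape_for_storage` and `show` are constructed for illustration) pastes a value into a script the way a `${{ secrets.X }}` expression does, then lets bash parse the result:

```shell
#!/usr/bin/env bash
# Added example, not from the original page. A ${{ secrets.X }} expression is
# replaced with the stored text before the shell parses the run: script, so
# the value becomes part of the script source. Values here are constructed.

# run_step PREFIX VALUE SUFFIX
# Pastes VALUE between PREFIX and SUFFIX (standing in for the expression
# substitution), then has a fresh bash parse and run the resulting script.
# Prints the step's stdout and returns its exit status.
run_step() {
  bash -c "$1$2$3" 2>/dev/null
}

# escape_for_storage VALUE
# Puts a backslash before every character outside a conservative safe set,
# producing the form to save as the Secret or Variable. Assumes a single-line
# value: a backslash before a newline would act as a line continuation.
escape_for_storage() {
  printf '%s' "$1" | sed 's/[^A-Za-z0-9_.-]/\\&/g'
}

# show LABEL PREFIX VALUE SUFFIX: run one case and report what happened.
show() {
  local out
  if out=$(run_step "$2" "$3" "$4"); then
    printf '%-24s ok    -> %s\n' "$1" "$out"
  else
    printf '%-24s ERROR (step failed to run)\n' "$1"
  fi
}

P="printf '%s\n' "   # the command our constructed step runs

show 'as-is, parentheses'   "$P"   'pass(word)' ''
show 'double-quoted'        "$P\"" 'pass(word)' '"'
show 'double-quoted, has "' "$P\"" 'pass"word'  '"'
show 'escaped, parentheses' "$P"   "$(escape_for_storage 'pass(word)')" ''
show 'escaped, has "'       "$P"   "$(escape_for_storage 'pass"word')"  ''
# Caveat: an escaped value that is also wrapped in quotes keeps its backslashes.
show 'escaped AND quoted'   "$P\"" "$(escape_for_storage 'pass(word)')" '"'
```

The last case shows that escaping and quoting should not be combined: inside double quotes the backslashes before `(` and `)` remain part of the value.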