hashicorp · robmonte · Aug 7, 2025 · Aug 7, 2025 · Aug 7, 2025
@@ -476,6 +476,8 @@ This endpoint creates a destination to synchronize action secrets with a GitHub
 
 - `name` `(string: <required>)` - Specifies the name for this destination. This is specified as part of the URL.
 
+- `enterprise_url` `(string: "")` - The URL of the GitHub Enterprise Server instance (self-hosted GitHub) to target for syncing secrets.
+
 - `secrets_location` `(string: "repository")` - The GitHub location type of secrets to sync. Must be either `organization` or `repository`.
 
 - `access_token` `(string: ""` - Fine-grained or personal access token.

@@ -7,7 +7,7 @@ description: >-
 
 # Sync secrets from Vault to GitHub
 
-The GitHub actions sync destination allows Vault to safely synchronize secrets as GitHub organization, repository, or environment secrets.
+The GitHub Actions sync destination allows Vault to safely synchronize secrets as GitHub organization, repository, or environment secrets.
 This is a low footprint option that enables your applications to benefit from Vault-managed secrets without requiring them
 to connect directly with Vault. This guide walks you through the configuration process.
 
@@ -153,6 +153,21 @@ Use `vault write` to configure an organization sync destination:
 
   </CodeBlockConfig>
 
+### GitHub Enterprise
+
+In addition to the standard `github.com` destination parameters, you must
+provide your Enterprise server URL with `enterprise_url` to configure GitHub
+Enterprise Server (self-hosted GitHub) destinations. For example, to configure
+repository secrets with GitHub Enterprise:
+
+  ```shell-session
+  $ vault write sys/sync/destinations/gh/DESTINATION_NAME \
+      enterprise_url="https://github.example.com"         \
+      access_token="GITHUB_ACCESS_TOKEN"                  \
+      secrets_location="GITHUB_SECRETS_LOCATION"          \
+      repository_owner="GITHUB_OWNER_NAME"                \
+      repository_name="GITHUB_REPO_NAME"
+  ```
 
 ## Usage
 
@@ -314,6 +329,7 @@ fingerprint    <fingerprint>
 name           <app-name>
 private_key    *****
 ```
+
 </CodeBlockConfig>
 
 <Tip title="Fingerprint verification">
@@ -325,7 +341,6 @@ For more information, see [Verifying private keys](https://docs.github.com/en/ap
 
 </Tip>
 
-
 Next, use `vault write` with the `sys/sync/destinations/gh` endpoint to
 configure a GitHub destination that references your new GitHub application:
 
@@ -345,6 +360,7 @@ name                  my-dest
 options               map[custom_tags:map[] granularity_level:secret-key secret_name_template:VAULT_{{ .MountAccessor | uppercase }}_{{ .SecretPath | uppercase }}_{{ .SecretKey | uppercase }}]
 type                  gh
 ```
+
 </CodeBlockConfig>
 
 You can now [use your GitHub application to sync secrets with your GitHub repository](#usage).