Emergency Access Automation: Critical Issues to GitHub Secrets

Create a critical Linear issue and assign it to the security team. Notis immediately grants them access to the necessary GitHub Actions secrets so they can push emergency fixes without asking for permission.

Trigger

Issue Created Trigger

Triggered when a new issue is created.

GitHub logo

Action

Add selected repository to an organization secret

Adds a repository to an organization secret's access list when the secret's visibility is 'selected'; this operation is idempotent.

Why this helps

A security issue is discovered and assigned to an engineer who doesn't have access to GitHub Actions secrets. They have to wait for someone to manually grant access, delaying the fix by hours.

  • Reduce mean-time-to-response for security and critical issues
  • Eliminate the step where access has to be manually granted
  • Trust that assigned team members always have the tools they need
  • Maintain security while streamlining the response process

Setup

Build it in a few focused steps.

  • 1Connect Linear and GitHub to Notis
  • 2Identify which GitHub Actions secrets are needed for emergency responses (deploy keys, API tokens, etc.)
  • 3Create an automation: 'When a new issue is created in Linear with the Security label, grant the assigned team member access to GitHub Actions secrets'
  • 4Customize the secret list in your prompt: 'grant access to DEPLOY_KEY and DATABASE_SECRET'
  • 5Set trigger to 'Linear issue created'
  • 6Test by creating a test security Linear issue and verifying access is granted

Questions about this workflow

How do I know which secrets to include?

Work with your DevOps or infrastructure team to identify which secrets are needed for emergency response. Your automation can be specific: 'grant emergency secrets' or broad: 'grant all deploy and API secrets'.

Is this a security risk?

It's a calculated trade-off: faster response time for security issues vs. broader access. Rotate secrets regularly and audit access logs. You can limit this to specific people: 'only grant access if the issue is assigned to an on-call engineer'.

What if someone is assigned by mistake?

Access is granted immediately, but can be revoked manually. You can also add guardrails: 'only grant if the issue has the security label AND the assigned person is on the on-call rotation'.

Can I revoke access automatically when the issue is resolved?

Yes. Create a complementary automation: 'When a security issue is marked Done, revoke the temporary secret access'.

Does this work for non-critical issues?

It can, but it's designed for critical/security work. For routine access, use the team permissions automation instead.

When this happens · Trigger

Do this · Action

Supported Triggers and Actions

Notis builds workflows that link Linear to GitHub. A trigger fires from one place; an action lands in another.

Linear logo

Linear triggers

GitHub logo

GitHub actions

Comment Received Trigger

Triggered when a comment is received.

TriggerInstant

Accept a repository invitation

Accepts a pending repository invitation that has been issued to the authenticated user.

ActionInstant

Issue Created Trigger

Triggered when a new issue is created.

TriggerInstant

List repositories starred by the authenticated user

Deprecated: lists repositories starred by the authenticated user, including star creation timestamps; use 'list repositories starred by the authenticated user' instead.

ActionInstant

Issue Updated Trigger

Triggered when an issue is updated. For example labels are changed, issue status is changed, etc.

TriggerInstant

List stargazers

Deprecated: lists users who have starred a repository; use `list stargazers` instead.

ActionInstant

Private Team Comment Created

Fires when a new comment is posted on an issue in a private Linear team (polled with the connected user's token).

TriggerPolling

Star a repository for the authenticated user

Deprecated: stars a repository for the authenticated user; use `star a repository for the authenticated user` instead.

ActionInstant

Private Team Issue Created

Fires when a new issue appears in a private Linear team (polled with the connected user's token).

TriggerPolling

Add email for auth user

Adds one or more email addresses (which will be initially unverified) to the authenticated user's github account; use this to associate new emails, noting an email verified for another account will error, while an existing email for the current user is accepted.

ActionInstant

Private Team Issue Properties Updated

Fires when properties on an issue change in a private Linear team (polled with the connected user's token).

TriggerPolling

Add app access restrictions

Replaces github app access restrictions for an existing protected branch; requires a json array of app slugs in the request body, where apps must be installed and have 'contents' write permissions.

ActionInstant

Project Created

Fires when a new Linear project is created. Covers projects in both public and private teams — polls with the connected user's token, so visibility matches what the connected user can see in Linear.

TriggerPolling

Add a repository collaborator

Adds a github user as a repository collaborator, or updates their permission if already a collaborator; `permission` applies to organization-owned repositories (personal ones default to 'push' and ignore this field), and an invitation may be created or permissions updated directly.

ActionInstant

Project Properties Updated

Fires when properties on a Linear project change (status, lead, target date, priority, etc.). Covers projects in both public and private teams — polls with the connected user's token.

TriggerPolling

Add a repository to an app installation

Adds a repository to a github app installation, granting the app access; requires authenticated user to have admin rights for the repository and access to the installation.

ActionInstant

Connect any two apps with Notis in the middle.

Not just Linear and GitHub. Any combination from 985+ integrations.

When this happens · Trigger

Do this · Action

Save your first hour today.

7 days free trial with 20$ free usage included.
No card. Works with personal or business GitHub.