Get/set secrets via the `/app` endpoint


As I mentioned in An `/app` API endpoint, I would like to suggest a couple extra features for the /app endpoint when authenticated as an app via the JWT. In particular, I would like to (ideally, all of, but each would be useful on its own)

  1. Get current the webhook secret
  2. Get the app’s OAuth secrets
  3. Set the current webhook secret

The idea behind this is to make it easier for people to deploy GitHub apps (e.g. from open source codebases), by just copying over the private key file and the App ID and having the app be able to retrieve all other necessary data from GitHub on startup.


Thanks for the suggestions, Keno – I’ll share this with the team internally to consider. :cake: