From 346750edc72e2eb9f7d5e985d4cf79047446348e Mon Sep 17 00:00:00 2001
From: Maarten Zuidhoorn <maarten@zuidhoorn.com>
Date: Mon, 3 Nov 2025 12:41:49 +0100
Subject: [PATCH] Use secrets for `project-metrics-token` and `slack-webhook`

---
 .github/workflows/security-scan.yml | 9 +++------
 1 file changed, 3 insertions(+), 6 deletions(-)

diff --git a/.github/workflows/security-scan.yml b/.github/workflows/security-scan.yml
index 4eb6b48..cd09a27 100644
--- a/.github/workflows/security-scan.yml
+++ b/.github/workflows/security-scan.yml
@@ -48,16 +48,13 @@ on:
         required: false
         type: string
         default: ''
+    secrets:
       project-metrics-token:
         description: 'Analytics token to log failed builds'
         required: false
-        type: string
-        default: ''
       slack-webhook:
         description: 'Slack webhook for notifications'
         required: false
-        type: string
-        default: ''
 
 env:
   MONOREPO_PATH: .security-scanner
@@ -164,8 +161,8 @@ jobs:
     if: always()
     runs-on: ubuntu-latest
     env:
-      SLACK_WEBHOOK: ${{ inputs.slack-webhook }}
-      PROJECT_METRICS_TOKEN: ${{ inputs.project-metrics-token }}
+      SLACK_WEBHOOK: ${{ secrets.slack-webhook }}
+      PROJECT_METRICS_TOKEN: ${{ secrets.project-metrics-token }}
       REPO: ${{ inputs.repo }}
     steps:
       - name: Determine overall scan result