diff --git a/README.md b/README.md
index fa7d413..283cc8b 100644
--- a/README.md
+++ b/README.md
@@ -10,7 +10,7 @@ pairing with smart people at Hashrocket.
 
 For a steady stream of TILs, [sign up for my newsletter](https://tinyletter.com/jbranchaud).
 
-_1059 TILs and counting..._
+_1060 TILs and counting..._
 
 ---
 
@@ -304,6 +304,7 @@ _1059 TILs and counting..._
 ### GitHub Actions
 
 - [Capture An Output Value For Use In A Later Step](github-actions/capture-an-output-value-for-use-in-a-later-step.md)
+- [Reference An Encrypted Secret In An Action](github-actions/reference-an-encrypted-secret-in-an-action.md)
 
 ### Go
 
diff --git a/github-actions/reference-an-encrypted-secret-in-an-action.md b/github-actions/reference-an-encrypted-secret-in-an-action.md
new file mode 100644
index 0000000..83b76a2
--- /dev/null
+++ b/github-actions/reference-an-encrypted-secret-in-an-action.md
@@ -0,0 +1,28 @@
+# Reference An Encrypted Secret In An Action
+
+CI environments like GitHub Actions want to help you keep your secrets secret.
+They allow you to store an encrypted version of a secret that can be access in
+an action.
+
+First, you need to add an encrypted secret to your repository. Navigate to your
+repository's _Settings_ page and then to the _Secrets_ tab. You can then add
+the secret with the _New repository secret_ button.
+
+Once the secret is added, you can reference it in your actions.
+
+Let's say you added your repository secret with the name `MY_API_KEY`. And then
+let's say that your project needs to be built with that API key available in
+the environment as `SECRET_API_KEY`. You can reference it from `secrets` in the
+`env` section.
+
+```yaml
+  - name: Build the JS bundle
+    run: yarn build
+    env:
+      SECRET_API_KEY: ${{ secrets.MY_API_KEY }}
+```
+
+Though this API key is stored on GitHub's servers as an encrypted value, it
+will be decrypted when this workflow step is run.
+
+[source](https://docs.github.com/en/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow)