Secrets don't pass from GitHub Actions secrets to a reusable workflow in GitHub Actions
I created secrets in GitHub Actions and am trying to use them in a reusable workflow, but I am unable to make it work. However, if I pass the secrets hardcoded from the caller file, it works just fine.
## set_env.yml

```yaml
name: Sent Env Creds and Vars
on:
  push:
    branches:
      - main
      - dev
  pull_request:
    branches: [ main ]
jobs:
  deploy-dev:
    uses: ./.github/workflows/main.yml
    with:
      AWS_REGION: "us-east-2"
      PREFIX: "dev"
    # Map the dev-specific repository secrets onto the names main.yml declares
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}
```
The reusable workflow is main.yml.

## main.yml

```yaml
name: Deploy to AWS
# Controls when the workflow will run
on:
  workflow_call:
    inputs:
      AWS_REGION:
        required: true
        type: string
      PREFIX:
        required: true
        type: string
    secrets:
      AWS_ACCESS_KEY_ID:
        required: true
      AWS_SECRET_ACCESS_KEY:
        required: true
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
  terraform-deploy:
    runs-on: ubuntu-latest
    # Steps represent a sequence of tasks that will be executed as part of the job
    steps:
      # Checks out your repository under $GITHUB_WORKSPACE, so your job can access it
      - uses: actions/checkout@v2
      # Runs a set of commands using the runner's shell
      - name: Run a multi-line script
        run: |
          echo "Hello, Epsilon! You are in the ${{ inputs.AWS_REGION }} region, prefix ${{ inputs.PREFIX }}"
          PARENT_DIR=$(pwd)
          # Each top-level directory holds one Terraform root module
          for dir in */; do
            echo "$dir"
            cd "$dir"
            terraform init -backend-config="${PARENT_DIR}/${{ inputs.PREFIX }}-backend.tfvars"
            terraform validate
            terraform plan -var-file="${{ inputs.PREFIX }}_vars.tfvars"
            ## terraform apply -input=false -auto-approve -var-file=${{ inputs.PREFIX }}_vars.tfvars
            cd ..
          done
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
```
If I hardcode the secrets in set_env.yml while calling main.yml, like below, it just works:

```yaml
jobs:
  deploy-dev:
    uses: ./.github/workflows/main.yml
    with:
      AWS_REGION: "us-east-2"
      PREFIX: "dev"
    secrets:
      AWS_ACCESS_KEY_ID: <hardcoded value>
      AWS_SECRET_ACCESS_KEY: <hardcoded value>
```
I have been trying to make it work in many ways, but it doesn't work. Please help.
Solution 1:

As of May 3rd 2022, this is now possible with the new keyword `inherit`: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#onworkflow_callsecretsinherit

In the calling workflow, you tell it to inherit the secrets in the reusable workflow:

```yaml
jobs:
  deploy-dev:
    uses: ./.github/workflows/main.yml
    with:
      AWS_REGION: "us-east-2"
      PREFIX: "dev"
    secrets: inherit
```

This makes the secrets available in the reusable workflow like normal:

```yaml
with:
  myInput: ${{ secrets.MY_SECRET }}
```

Note that there's no need to declare the secrets on the workflow_call trigger.
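As an added example (not part of the question or the answer), the explicit-mapping alternative to `inherit`, which passes only the two secrets the reusable workflow declares, together with a guard step in the called workflow that fails early when a secret arrives empty (a misnamed or missing repository secret evaluates to an empty string rather than an error) without ever printing it. The repository secret names DEV_AWS_ACCESS_KEY_ID and DEV_AWS_SECRET_ACCESS_KEY are assumed.

```yaml
# --- .github/workflows/set_env.yml (caller) ---
name: Deploy dev
on:
  push:
    branches: [main, dev]
jobs:
  deploy-dev:
    uses: ./.github/workflows/main.yml
    with:
      AWS_REGION: "us-east-2"
      PREFIX: "dev"
    # Explicit mapping passes only these two secrets (least privilege);
    # `secrets: inherit` would instead expose every repository secret.
    secrets:
      AWS_ACCESS_KEY_ID: ${{ secrets.DEV_AWS_ACCESS_KEY_ID }}  # assumed secret name
      AWS_SECRET_ACCESS_KEY: ${{ secrets.DEV_AWS_SECRET_ACCESS_KEY }}  # assumed secret name
---
# --- .github/workflows/main.yml (reusable) ---
name: Deploy to AWS
on:
  workflow_call:
    inputs:
      AWS_REGION: { required: true, type: string }
      PREFIX: { required: true, type: string }
    secrets:
      AWS_ACCESS_KEY_ID: { required: true }
      AWS_SECRET_ACCESS_KEY: { required: true }
jobs:
  terraform-deploy:
    runs-on: ubuntu-latest
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
    steps:
      - uses: actions/checkout@v2
      # Fail fast if a secret did not arrive; the values are never printed.
      # An unset or misnamed repository secret silently evaluates to "".
      - name: Verify credentials are present
        run: |
          for v in AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY; do
            if [ -z "${!v}" ]; then
              echo "::error::$v is empty; check the caller's secrets mapping"
              exit 1
            fi
          done
      - name: Terraform plan
        run: |
          terraform init -backend-config="${{ inputs.PREFIX }}-backend.tfvars"
          terraform plan -var-file="${{ inputs.PREFIX }}_vars.tfvars"
```

Note that a workflow triggered by a pull_request from a fork receives no secrets at all, so the guard step will fail there by design.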
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source
---|---
Solution 1 | rethab