Skip to content

Commit

Permalink
Add a workflow to export (encrypted) secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikeage
mikeage committed Mar 2, 2024
1 parent 67131d4 commit 32f11ca
Showing 1 changed file with 34 additions and 0 deletions.
34 changes: 34 additions & 0 deletions .github/workflows/export_secrets.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
---
# yamllint disable rule:line-length
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Backup secrets (to OpenSSL encrypted file)
on: # yamllint disable-line rule:truthy
workflow_dispatch:
push:

jobs:
backup_secrets:
runs-on: ubuntu-latest
steps:
- name: Backup secrets
env:
SECRETS: ${{ toJSON(secrets) }}
VARS: ${{ toJSON(vars) }}
OPENSSL_ITER: 1000
OPENSSL_PASS: ${{ secrets.SECRET_EXPORT_OPENSSL_PASSWORD }}
run: |
echo "$SECRETS" | tee secrets.txt
echo "$VARS" | tee vars.txt
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.txt -out secrets.enc.txt -pass pass:$OPENSSL_PASS
openssl enc -aes-256-cbc -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in vars.txt -out vars.enc.txt -pass pass:$OPENSSL_PASS
echo "To decrypt the secrets, use the following command(s):"
echo "openssl enc -aes-256-cbc -d -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.enc.txt -out secrets.txt -pass pass:<your_password>"
echo "openssl enc -aes-256-cbc -d -md sha512 -pbkdf2 -iter $OPENSSL_ITER -salt -in vars.enc.txt -out vars.txt -pass pass:<your_password>"
- name: Upload encrypted secrets
uses: actions/upload-artifact@v4
with:
name: exports
path: |
secrets.enc.txt
vars.enc.txt

0 comments on commit 32f11ca

Please sign in to comment.