Skip to content

Commit

Permalink
Add a workflow to export (encrypted) secrets
Browse files Browse the repository at this point in the history
  • Loading branch information
@mikeage
mikeage committed Mar 2, 2024
1 parent 67131d4 commit 8834b86
Showing 1 changed file with 28 additions and 0 deletions.
28 changes: 28 additions & 0 deletions .github/workflows/export_secrets.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
---
# yamllint disable rule:line-length
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Backup secrets (to OpenSSL encrypted file)
on: # yamllint disable-line rule:truthy
workflow_dispatch:
push:

jobs:
backup_secrets:
runs-on: ubuntu-latest
steps:
- name: Backup secrets
env:
SECRETS: toJson({{secrets}})
OPENSSL_ITER: 1000
OPENSSL_PASS: ${{secrets.OPENSSL_PASS}}
run: |
echo "$SECRETS" > secrets.txt
openssl enc -aes-256-cbc -pbkdf2 -iter "$OPENSSL_ITER" -salt -in secrets.txt -out secrets.enc.txt -pass pass:"$OPENSSL_PASS"
echo "To decrypt the secrets, use the following command:"
echo "openssl dec -aes-256-cbc -pbkdf2 -iter $OPENSSL_ITER -salt -in secrets.enc.txt -out secrets.txt -pass pass:<your_password>"
- name: Upload encrypted secrets
uses: actions/upload-artifact@v4
with:
name: secrets
path: secrets.enc.txt

0 comments on commit 8834b86

Please sign in to comment.