package github
import (
	"crypto/rand"
	"encoding/base64"
	"fmt"

	"github.com/SAP/jenkins-library/pkg/log"
	"github.com/google/go-github/v45/github"
	"golang.org/x/crypto/nacl/box"
)
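// CreateEncryptedSecret creates an encrypted secret using a public key from a GitHub repository, which can be sent through the GitHub API
// https://github.com/google/go-github/blob/master/example/newreposecretwithxcrypto/main.go
//
// secretName is the name the secret is stored under, secretValue is the
// plaintext to protect, and publicKey is the repository key as returned by the
// GitHub API (base64 encoded, together with its key id). The returned
// EncryptedSecret carries the name, the key id and the base64 encoded sealed
// box so it can be passed straight to the secrets endpoint.
//
// An error is returned when the key is not valid base64, when its decoded
// length is not the 32 bytes a NaCl box public key must have, or when sealing
// fails. Errors are wrapped so callers can inspect the cause with errors.Is/As.
func CreateEncryptedSecret(secretName, secretValue string, publicKey *github.PublicKey) (*github.EncryptedSecret, error) {
	decodedPublicKey, err := base64.StdEncoding.DecodeString(publicKey.GetKey())
	if err != nil {
		log.Entry().Warn("Could not decode public key from base64")
		return nil, fmt.Errorf("decoding GitHub public key from base64: %w", err)
	}

	// A NaCl box public key is exactly 32 bytes. An unconditional copy would
	// silently zero-pad a short key or truncate a long one, sealing the secret
	// to a key the repository does not actually own; reject anything else.
	var boxKey [32]byte
	if len(decodedPublicKey) != len(boxKey) {
		log.Entry().Warn("Unexpected public key length")
		return nil, fmt.Errorf("GitHub public key has %d bytes, expected %d", len(decodedPublicKey), len(boxKey))
	}
	copy(boxKey[:], decodedPublicKey)

	// SealAnonymous generates an ephemeral key pair per call from rand.Reader,
	// so the same plaintext produces a different ciphertext every time.
	encryptedSecretBytes, err := box.SealAnonymous(nil, []byte(secretValue), &boxKey, rand.Reader)
	if err != nil {
		log.Entry().Warn("Could not encrypt secret using public key")
		return nil, fmt.Errorf("sealing secret with GitHub public key: %w", err)
	}

	return &github.EncryptedSecret{
		Name:           secretName,
		KeyID:          publicKey.GetKeyID(),
		EncryptedValue: base64.StdEncoding.EncodeToString(encryptedSecretBytes),
	}, nil
}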