@threeseed
Contributor

Fixes:

#704 - Use encrypted_value in github_actions_organization_secret and github_actions_secret

@jcudit jcudit added this to the v4.11.0 milestone Jun 3, 2021
Contributor

@tibbes tibbes left a comment

Thanks for your pull requests @nadenf! I think @jcudit is going to post a fuller review shortly, but I just wanted to leave a quick note on the blocker for merging this.

@threeseed
Contributor Author

@jcudit @tibbes .. All changes made.

Contributor

@tibbes tibbes left a comment

Thanks @nadenf. 👍 on the base64 changes. I've also manually tested that using encrypted_value works (for repo-level secrets).

@tibbes
Contributor

tibbes commented Jun 7, 2021

But we seem to have lost 6880b90 (the commit that removes data_source_github_repository_branches.go)

@threeseed
Contributor Author

@tibbes .. File has been removed.

@jcudit jcudit merged commit fefa5b4 into integrations:master Jun 8, 2021
jcudit pushed a commit that referenced this pull request Jun 15, 2021
* Added encrypted_value to Actions + Organizations's secrets

* Simplified unit tests

* Encrypted value needs to be in Base64 format

* Delete data_source_github_repository_branches.go
jcudit pushed a commit that referenced this pull request Jun 16, 2021
* Added encrypted_value to Actions + Organizations's secrets

* Simplified unit tests

* Encrypted value needs to be in Base64 format

* Delete data_source_github_repository_branches.go
@hoxu
Contributor

hoxu commented Jul 5, 2021

Is there documentation somewhere on how to create the encrypted_value using the public key?

@jcudit
Contributor

jcudit commented Jul 22, 2021

@hoxu a (hack) workaround would be to:

  • configure your _secret resource using a plaintext_value
  • TF_LOG=DEBUG terraform apply ... the configuration
  • extract the encrypted and base64 encoded string that is sent to the GitHub API
  • use the extracted value in the encrypted_value field going forward

Example:

---[ REQUEST ]---------------------------------------
PUT /orgs/.../actions/secrets/test_plaintext_secret HTTP/1.1
Host: api.github.com
User-Agent: go-github
Content-Length: 176
Accept: application/vnd.github.v3+json
Content-Type: application/json
Accept-Encoding: gzip

{
 "key_id": "568250167242549743",
 "encrypted_value": "zEyV5qMXLrvfBBxJJ8FWOHj64TIcFicNNUnnR0mjpjZh1ExZA7fDjUPM/5NKBlMgm/EFg87n3y6PT2M46B7JECRIPZcykDGbBh8=",
 "visibility": "private"
}

I have not tried this personally but theoretically this should work if I am not overlooking something.
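
Added example, not part of the original thread or the provider's code: a small parser that pulls `key_id` and `encrypted_value` out of the `TF_LOG=DEBUG` output described in the comment above, skipping values that are not valid base64. The 48-byte minimum assumes the value is a libsodium sealed box, which is what GitHub's API documentation specifies and is not stated in this thread; the function and constant names are hypothetical.

```python
import base64
import json
import re

# Request line of a "create or update secret" call (org- or repo-level).
PUT_RE = re.compile(r"PUT /(?:orgs|repos)/\S+/actions/secrets/(\S+) HTTP/1\.1")
SEALED_BOX_OVERHEAD = 48  # assumption from libsodium: 32-byte ephemeral key + 16-byte MAC

# PUT request copied from the comment above; the GET block before it is constructed.
SAMPLE_LOG = """\
---[ REQUEST ]---------------------------------------
GET /orgs/.../actions/secrets/public-key HTTP/1.1
Host: api.github.com

---[ REQUEST ]---------------------------------------
PUT /orgs/.../actions/secrets/test_plaintext_secret HTTP/1.1
Host: api.github.com
Content-Type: application/json

{
 "key_id": "568250167242549743",
 "encrypted_value": "zEyV5qMXLrvfBBxJJ8FWOHj64TIcFicNNUnnR0mjpjZh1ExZA7fDjUPM/5NKBlMgm/EFg87n3y6PT2M46B7JECRIPZcykDGbBh8=",
 "visibility": "private"
}
"""

def extract_secret_payloads(log_text):
    """Return name, key_id and encrypted_value for each secret PUT in a debug log."""
    found = []
    for m in PUT_RE.finditer(log_text):
        end = log_text.find("---[", m.end())  # stop at the next logged message
        start = log_text.find("{", m.end(), end if end != -1 else len(log_text))
        if start == -1:
            continue  # request logged without a body
        try:
            body, _ = json.JSONDecoder().raw_decode(log_text, start)
            raw = base64.b64decode(body["encrypted_value"], validate=True)
        except (ValueError, KeyError, TypeError):
            continue  # truncated log, missing field, or not valid base64
        if len(raw) <= SEALED_BOX_OVERHEAD:
            continue  # too short to be a sealed box
        found.append({"secret_name": m.group(1), "key_id": body.get("key_id"),
                      "encrypted_value": body["encrypted_value"], "ciphertext_bytes": len(raw)})
    return found

if __name__ == "__main__":
    for item in extract_secret_payloads(SAMPLE_LOG):
        print(f'{item["secret_name"]}: encrypted_value = "{item["encrypted_value"]}"')
```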

@hoxu
Contributor

hoxu commented Aug 20, 2021

@jcudit thanks, this indeed works. But if you have remote state (especially with versioning), you need to manually comment out the backend, terraform init, do all this, enable the backend again and terraform init. In my opinion it's too cumbersome. And these steps are not documented on https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret

@threeseed threeseed deleted the 704 branch September 24, 2021 06:46
kfcampbell pushed a commit to kfcampbell/terraform-provider-github that referenced this pull request Jul 26, 2022
…ons#807)

* Added encrypted_value to Actions + Organizations's secrets

* Simplified unit tests

* Encrypted value needs to be in Base64 format

* Delete data_source_github_repository_branches.go