Skip to content

Instantly share code, notes, and snippets.

@YumaInaura

YumaInaura/README.md

Last active August 8, 2024 00:02
Show Gist options
  • Save YumaInaura/ae788c4a1e4fafbc35ba5c333a7bf316 to your computer and use it in GitHub Desktop.
Save YumaInaura/ae788c4a1e4fafbc35ba5c333a7bf316 to your computer and use it in GitHub Desktop.
Download ZIP
Github Actions API - Post or Update Secret Key to Repository
Raw
README.md

Get Repository Public Key

curl -L \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/secrets/public-key
{
  "key_id": "<KEY_ID>",
  "key": "<PUBLIC_KEY>"
}

Encrypt SECRET VALUE ( e.g by Ruby )

https://github.com/RubyCrypto/rbnacl

gem install rbnacl

on Mac

brew install libsodium

require 'rbnacl'
require 'base64'
require 'securerandom'


key = Base64.decode64('<PUBLIC_KEY>')
public_key = RbNaCl::PublicKey.new(key)

box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
encrypted_secret = box.encrypt('<PLAIN_TEXT_SECRET_VALUE>')

# Print the base64 encoded secret
puts Base64.strict_encode64(encrypted_secret) # <ENCRYPTED_SECRET>

Post SECRET to Github Actions , on Repository

curl -L \
  -X PUT \
  -H "Accept: application/vnd.github+json" \
  -H "Authorization: Bearer <YOUR-TOKEN>" \
  -H "X-GitHub-Api-Version: 2022-11-28" \
  https://api.github.com/repos/OWNER/REPO/actions/secrets/<GITHUB_ACTIONS_SECRET_KEY_NAME> \
  -d '{"encrypted_value":"<ENCRYPTED_SECRET>","key_id":"<KEY_ID>"}'

Ref

https://docs.github.com/ja/rest/guides/encrypting-secrets-for-the-rest-api?apiVersion=2022-11-28

https://docs.github.com/ja/rest/actions/secrets?apiVersion=2022-11-28#get-a-repository-public-key

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment