nazartm · January 24, 2023 09:17
diff --git a/add_actions_secret.py b/add_actions_secret.py
 from base64 import b64encode
 from nacl import encoding, public
 import requests

 MY_PAC = ''
 ORG = 'MyOrg'
 REPO = 'repo'

 secrets = {
  'TOOL_USER': 'admin',
  'TOOL_PASS': 'secret-value'
 }

 def get_public_key():
  headers = {'Accept': 'application/vnd.github+json', 'Authorization': "Bearer " + MY_PAC}
  response = requests.get("https://api.github.com/repos/{}/{}/actions/secrets/public-key".format(ORG, REPO), headers = headers)
  return response.json()

 def encrypt(public_key: str, secret_value: str) -> str:
  """Encrypt a Unicode string using the public key."""
  public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
  sealed_box = public.SealedBox(public_key)
  encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
  return b64encode(encrypted).decode("utf-8")

 def create_secret(secret_name, value, public_key):
  headers = {'Accept': 'application/vnd.github+json', 'Authorization': "Bearer " + MY_PAC}
  data = {"encrypted_value": encrypt(public_key['key'], value ), "key_id": public_key['key_id']}
  response = requests.put("https://api.github.com/repos/{0}/{1}/actions/secrets/{2}".format(ORG, REPO, secret_name), headers = headers, json = data)
  return response.status_code

 print("Retrieving public key for repository {}".format(REPO))
 public_key = get_public_key()

 for k, v in secrets.items():
  print("Creating secret for {}".format(k))
  print(create_secret(k, v, public_key))

 print("Done")
	from base64 import b64encode
	from nacl import encoding, public
	import requests

	MY_PAC = ''
	ORG = 'MyOrg'
	REPO = 'repo'

	secrets = {
	'TOOL_USER': 'admin',
	'TOOL_PASS': 'secret-value'
	}

	def get_public_key():
	headers = {'Accept': 'application/vnd.github+json', 'Authorization': "Bearer " + MY_PAC}
	response = requests.get("https://api.github.com/repos/{}/{}/actions/secrets/public-key".format(ORG, REPO), headers = headers)
	return response.json()

	def encrypt(public_key: str, secret_value: str) -> str:
	"""Encrypt a Unicode string using the public key."""
	public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
	sealed_box = public.SealedBox(public_key)
	encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
	return b64encode(encrypted).decode("utf-8")

	def create_secret(secret_name, value, public_key):
	headers = {'Accept': 'application/vnd.github+json', 'Authorization': "Bearer " + MY_PAC}
	data = {"encrypted_value": encrypt(public_key['key'], value ), "key_id": public_key['key_id']}
	response = requests.put("https://api.github.com/repos/{0}/{1}/actions/secrets/{2}".format(ORG, REPO, secret_name), headers = headers, json = data)
	return response.status_code

	print("Retrieving public key for repository {}".format(REPO))
	public_key = get_public_key()

	for k, v in secrets.items():
	print("Creating secret for {}".format(k))
	print(create_secret(k, v, public_key))

	print("Done")