superboum · February 25, 2022 08:35
diff --git a/droneci-secret-dump.go b/droneci-secret-dump.go
 package main

 import (
 	"bufio"
 	"os"
 	"crypto/aes"
 	"crypto/cipher"
 	"encoding/hex"
 	"errors"
 	"fmt"
 )

 func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
 	block, err := aes.NewCipher(key)
 	if err != nil {
 		return nil, err
 	}

 	gcm, err := cipher.NewGCM(block)
 	if err != nil {
 		return nil, err
 	}

 	if len(ciphertext) < gcm.NonceSize() {
 		return nil, errors.New("malformed ciphertext")
 	}

 	return gcm.Open(nil,
 		ciphertext[:gcm.NonceSize()],
 		ciphertext[gcm.NonceSize():],
 		nil,
 	)
 }

 func main() {
 	reader := bufio.NewReader(os.Stdin)
 	fmt.Print("Enter DRONE_DATABASE_SECRET: ")
 	k, err := reader.ReadString('\n')
 	if err != nil {
 		fmt.Println("failed to read key from stdin", err)
 		return
 	}
 	k = k[:len(k)-1]
 	fmt.Print("Enter your ciphertext dumped from PSQL as hex `select encode(secret_data, 'hex') from secrets where secret_name = xxx`: ")
 	ciph, err := reader.ReadString('\n')
 	if err != nil {
 		fmt.Println("failed to read cipher from stdin", err)
 		return
 	}

 	ciphb, err := hex.DecodeString(ciph[:len(ciph)-1])
 	if err != nil {
 		fmt.Println("cipher hex to bytes failed")
 		return
 	}

 	p, err := decrypt(ciphb, []byte(k))
 	if err != nil {
          fmt.Println("decryption failed",err)
 	  return
 	}

 	fmt.Println(string(p))
 }
	package main

	import (
	"bufio"
	"os"
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"errors"
	"fmt"
	)

	func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
	block, err := aes.NewCipher(key)
	if err != nil {
	return nil, err
	}

	gcm, err := cipher.NewGCM(block)
	if err != nil {
	return nil, err
	}

	if len(ciphertext) < gcm.NonceSize() {
	return nil, errors.New("malformed ciphertext")
	}

	return gcm.Open(nil,
	ciphertext[:gcm.NonceSize()],
	ciphertext[gcm.NonceSize():],
	nil,
	)
	}

	func main() {
	reader := bufio.NewReader(os.Stdin)
	fmt.Print("Enter DRONE_DATABASE_SECRET: ")
	k, err := reader.ReadString('\n')
	if err != nil {
	fmt.Println("failed to read key from stdin", err)
	return
	}
	k = k[:len(k)-1]
	fmt.Print("Enter your ciphertext dumped from PSQL as hex `select encode(secret_data, 'hex') from secrets where secret_name = xxx`: ")
	ciph, err := reader.ReadString('\n')
	if err != nil {
	fmt.Println("failed to read cipher from stdin", err)
	return
	}

	ciphb, err := hex.DecodeString(ciph[:len(ciph)-1])
	if err != nil {
	fmt.Println("cipher hex to bytes failed")
	return
	}

	p, err := decrypt(ciphb, []byte(k))
	if err != nil {
	fmt.Println("decryption failed",err)
	return
	}

	fmt.Println(string(p))
	}