From 1f4401287dab2d93d703b78c5baed0fec6401e64 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Tue, 20 Dec 2022 19:48:09 +0000
Subject: [PATCH 1/4] Add user secrets.

---
 options/locale/locale_en-US.ini        |  2 +-
 routers/web/org/setting.go             | 51 -------------------
 routers/web/org/setting_secrets.go     | 48 ++++++++++++++++++
 routers/web/repo/setting.go            | 42 +++++-----------
 routers/web/shared/secrets/secrets.go  | 54 ++++++++++++++++++++
 routers/web/user/setting/secrets.go    | 45 +++++++++++++++++
 routers/web/web.go                     |  5 ++
 templates/org/settings/secrets.tmpl    | 70 +-------------------------
 templates/shared/secrets/add_list.tmpl | 68 +++++++++++++++++++++++++
 templates/user/settings/navbar.tmpl    |  3 ++
 templates/user/settings/secrets.tmpl   | 10 ++++
 11 files changed, 248 insertions(+), 150 deletions(-)
 create mode 100644 routers/web/org/setting_secrets.go
 create mode 100644 routers/web/shared/secrets/secrets.go
 create mode 100644 routers/web/user/setting/secrets.go
 create mode 100644 templates/shared/secrets/add_list.tmpl
 create mode 100644 templates/user/settings/secrets.tmpl

diff --git a/options/locale/locale_en-US.ini b/options/locale/locale_en-US.ini
index dd31562c3a7b7..eb3edadfc8a2b 100644
--- a/options/locale/locale_en-US.ini
+++ b/options/locale/locale_en-US.ini
@@ -3225,6 +3225,6 @@ creation.value_placeholder = Input any content. Whitespace at the start and end
 creation.success = The secret '%s' has been added.
 creation.failed = Failed to add secret.
 deletion = Remove secret
-deletion.description = Removing a secret will revoke its access to repositories. Continue?
+deletion.description = Removing a secret is permanent and cannot be undone. Continue?
 deletion.success = The secret has been removed.
 deletion.failed = Failed to remove secret.
diff --git a/routers/web/org/setting.go b/routers/web/org/setting.go
index e625962f7597a..899e554ba0dce 100644
--- a/routers/web/org/setting.go
+++ b/routers/web/org/setting.go
@@ -12,7 +12,6 @@ import (
 	"code.gitea.io/gitea/models"
 	"code.gitea.io/gitea/models/db"
 	repo_model "code.gitea.io/gitea/models/repo"
-	secret_model "code.gitea.io/gitea/models/secret"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/models/webhook"
 	"code.gitea.io/gitea/modules/base"
@@ -38,8 +37,6 @@ const (
 	tplSettingsHooks base.TplName = "org/settings/hooks"
 	// tplSettingsLabels template path for render labels settings
 	tplSettingsLabels base.TplName = "org/settings/labels"
-	// tplSettingsSecrets template path for render secrets settings
-	tplSettingsSecrets base.TplName = "org/settings/secrets"
 )
 
 // Settings render the main settings page
@@ -249,51 +246,3 @@ func Labels(ctx *context.Context) {
 	ctx.Data["LabelTemplates"] = repo_module.LabelTemplates
 	ctx.HTML(http.StatusOK, tplSettingsLabels)
 }
-
-// Secrets render organization secrets page
-func Secrets(ctx *context.Context) {
-	ctx.Data["Title"] = ctx.Tr("repo.secrets")
-	ctx.Data["PageIsOrgSettings"] = true
-	ctx.Data["PageIsOrgSettingsSecrets"] = true
-
-	secrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{OwnerID: ctx.Org.Organization.ID})
-	if err != nil {
-		ctx.ServerError("FindSecrets", err)
-		return
-	}
-	ctx.Data["Secrets"] = secrets
-
-	ctx.HTML(http.StatusOK, tplSettingsSecrets)
-}
-
-// SecretsPost add secrets
-func SecretsPost(ctx *context.Context) {
-	form := web.GetForm(ctx).(*forms.AddSecretForm)
-
-	_, err := secret_model.InsertEncryptedSecret(ctx, ctx.Org.Organization.ID, 0, form.Title, form.Content)
-	if err != nil {
-		ctx.Flash.Error(ctx.Tr("secrets.creation.failed"))
-		log.Error("validate secret: %v", err)
-		ctx.Redirect(ctx.Org.OrgLink + "/settings/secrets")
-		return
-	}
-
-	log.Trace("Org %d: secret added", ctx.Org.Organization.ID)
-	ctx.Flash.Success(ctx.Tr("secrets.creation.success", form.Title))
-	ctx.Redirect(ctx.Org.OrgLink + "/settings/secrets")
-}
-
-// SecretsDelete delete secrets
-func SecretsDelete(ctx *context.Context) {
-	id := ctx.FormInt64("id")
-	if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil {
-		ctx.Flash.Error(ctx.Tr("secrets.deletion.failed"))
-		log.Error("delete secret %d: %v", id, err)
-	} else {
-		ctx.Flash.Success(ctx.Tr("secrets.deletion.success"))
-	}
-
-	ctx.JSON(http.StatusOK, map[string]interface{}{
-		"redirect": ctx.Org.OrgLink + "/settings/secrets",
-	})
-}
diff --git a/routers/web/org/setting_secrets.go b/routers/web/org/setting_secrets.go
new file mode 100644
index 0000000000000..1cdbe35f32ade
--- /dev/null
+++ b/routers/web/org/setting_secrets.go
@@ -0,0 +1,48 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package org
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	shared "code.gitea.io/gitea/routers/web/shared/secrets"
+)
+
+const (
+	tplSettingsSecrets base.TplName = "org/settings/secrets"
+)
+
+// Secrets render organization secrets page
+func Secrets(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("secrets.secrets")
+	ctx.Data["PageIsOrgSettings"] = true
+	ctx.Data["PageIsOrgSettingsSecrets"] = true
+
+	shared.SetSecretsContext(ctx, ctx.ContextUser.ID, 0)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplSettingsSecrets)
+}
+
+// SecretsPost add secrets
+func SecretsPost(ctx *context.Context) {
+	shared.PerformSecretsPost(
+		ctx,
+		ctx.ContextUser.ID,
+		0,
+		ctx.Org.OrgLink+"/settings/secrets",
+	)
+}
+
+// SecretsDelete delete secrets
+func SecretsDelete(ctx *context.Context) {
+	shared.PerformSecretsDelete(
+		ctx,
+		ctx.Org.OrgLink+"/settings/secrets",
+	)
+}
diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go
index 913ed6c7cb8e9..a7d1d5b9a1c7b 100644
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@@ -19,7 +19,6 @@ import (
 	"code.gitea.io/gitea/models/organization"
 	"code.gitea.io/gitea/models/perm"
 	repo_model "code.gitea.io/gitea/models/repo"
-	secret_model "code.gitea.io/gitea/models/secret"
 	unit_model "code.gitea.io/gitea/models/unit"
 	user_model "code.gitea.io/gitea/models/user"
 	"code.gitea.io/gitea/modules/base"
@@ -38,6 +37,7 @@ import (
 	"code.gitea.io/gitea/modules/validation"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
+	shared "code.gitea.io/gitea/routers/web/shared/secrets"
 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/forms"
 	"code.gitea.io/gitea/services/mailer"
@@ -1114,31 +1114,22 @@ func DeployKeys(ctx *context.Context) {
 	}
 	ctx.Data["Deploykeys"] = keys
 
-	secrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{RepoID: ctx.Repo.Repository.ID})
-	if err != nil {
-		ctx.ServerError("FindSecrets", err)
+	shared.SetSecretsContext(ctx, 0, ctx.Repo.Repository.ID)
+	if ctx.Written() {
 		return
 	}
-	ctx.Data["Secrets"] = secrets
 
 	ctx.HTML(http.StatusOK, tplDeployKeys)
 }
 
 // SecretsPost response for creating a new secret
 func SecretsPost(ctx *context.Context) {
-	form := web.GetForm(ctx).(*forms.AddSecretForm)
-
-	_, err := secret_model.InsertEncryptedSecret(ctx, 0, ctx.Repo.Repository.ID, form.Title, form.Content)
-	if err != nil {
-		ctx.Flash.Error(ctx.Tr("secrets.creation.failed"))
-		log.Error("validate secret: %v", err)
-		ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys")
-		return
-	}
-
-	log.Trace("Secret added: %d", ctx.Repo.Repository.ID)
-	ctx.Flash.Success(ctx.Tr("secrets.creation.success", form.Title))
-	ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys")
+	shared.PerformSecretsPost(
+		ctx,
+		0,
+		ctx.Repo.Repository.ID,
+		ctx.Repo.RepoLink+"/settings/keys",
+	)
 }
 
 // DeployKeysPost response for adding a deploy key of a repository
@@ -1204,17 +1195,10 @@ func DeployKeysPost(ctx *context.Context) {
 }
 
 func DeleteSecret(ctx *context.Context) {
-	id := ctx.FormInt64("id")
-	if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil {
-		ctx.Flash.Error(ctx.Tr("secrets.deletion.failed"))
-		log.Error("delete secret %d: %v", id, err)
-	} else {
-		ctx.Flash.Success(ctx.Tr("secrets.deletion.success"))
-	}
-
-	ctx.JSON(http.StatusOK, map[string]interface{}{
-		"redirect": ctx.Repo.RepoLink + "/settings/keys",
-	})
+	shared.PerformSecretsDelete(
+		ctx,
+		ctx.Repo.RepoLink+"/settings/keys",
+	)
 }
 
 // DeleteDeployKey response for deleting a deploy key
diff --git a/routers/web/shared/secrets/secrets.go b/routers/web/shared/secrets/secrets.go
new file mode 100644
index 0000000000000..e242c5e81611d
--- /dev/null
+++ b/routers/web/shared/secrets/secrets.go
@@ -0,0 +1,54 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package secrets
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/models/db"
+	secret_model "code.gitea.io/gitea/models/secret"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/log"
+	"code.gitea.io/gitea/modules/web"
+	"code.gitea.io/gitea/services/forms"
+)
+
+func SetSecretsContext(ctx *context.Context, ownerID, repoID int64) {
+	secrets, err := secret_model.FindSecrets(ctx, secret_model.FindSecretsOptions{OwnerID: ownerID, RepoID: repoID})
+	if err != nil {
+		ctx.ServerError("FindSecrets", err)
+		return
+	}
+
+	ctx.Data["Secrets"] = secrets
+}
+
+func PerformSecretsPost(ctx *context.Context, ownerID, repoID int64, redirectURL string) {
+	form := web.GetForm(ctx).(*forms.AddSecretForm)
+
+	s, err := secret_model.InsertEncryptedSecret(ctx, ownerID, repoID, form.Title, form.Content)
+	if err != nil {
+		log.Error("InsertEncryptedSecret: %v", err)
+		ctx.Flash.Error(ctx.Tr("secrets.creation.failed"))
+	} else {
+		ctx.Flash.Success(ctx.Tr("secrets.creation.success", s.Name))
+	}
+
+	ctx.Redirect(redirectURL)
+}
+
+func PerformSecretsDelete(ctx *context.Context, redirectURL string) {
+	id := ctx.FormInt64("id")
+
+	if _, err := db.DeleteByBean(ctx, &secret_model.Secret{ID: id}); err != nil {
+		log.Error("Delete secret %d failed: %v", id, err)
+		ctx.Flash.Error(ctx.Tr("secrets.deletion.failed"))
+	} else {
+		ctx.Flash.Success(ctx.Tr("secrets.deletion.success"))
+	}
+
+	ctx.JSON(http.StatusOK, map[string]interface{}{
+		"redirect": redirectURL,
+	})
+}
diff --git a/routers/web/user/setting/secrets.go b/routers/web/user/setting/secrets.go
new file mode 100644
index 0000000000000..3a57897d8f607
--- /dev/null
+++ b/routers/web/user/setting/secrets.go
@@ -0,0 +1,45 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package setting
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	shared "code.gitea.io/gitea/routers/web/shared/secrets"
+)
+
+const (
+	tplSettingsSecrets base.TplName = "user/settings/secrets"
+)
+
+func Secrets(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("secrets.secrets")
+	ctx.Data["PageIsSettingsSecrets"] = true
+
+	shared.SetSecretsContext(ctx, ctx.Doer.ID, 0)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplSettingsSecrets)
+}
+
+func SecretsPost(ctx *context.Context) {
+	shared.PerformSecretsPost(
+		ctx,
+		ctx.Doer.ID,
+		0,
+		setting.AppSubURL+"/user/settings/secrets",
+	)
+}
+
+func SecretsDelete(ctx *context.Context) {
+	shared.PerformSecretsDelete(
+		ctx,
+		setting.AppSubURL+"/user/settings/secrets",
+	)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 20d067a163cea..450e84038edf6 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -468,6 +468,11 @@ func RegisterRoutes(m *web.Route) {
 				})
 			})
 		}, packagesEnabled)
+		m.Group("/secrets", func() {
+			m.Get("", user_setting.Secrets)
+			m.Post("", web.Bind(forms.AddSecretForm{}), user_setting.SecretsPost)
+			m.Post("/delete", user_setting.SecretsDelete)
+		})
 		m.Get("/organization", user_setting.Organization)
 		m.Get("/repos", user_setting.Repos)
 		m.Post("/repos/unadopted", user_setting.AdoptOrDeleteRepository)
diff --git a/templates/org/settings/secrets.tmpl b/templates/org/settings/secrets.tmpl
index dd2a437b75253..70add15f50fb6 100644
--- a/templates/org/settings/secrets.tmpl
+++ b/templates/org/settings/secrets.tmpl
@@ -6,78 +6,10 @@
 			{{template "org/settings/navbar" .}}
 			<div class="ui twelve wide column content">
 				{{template "base/alert" .}}
-				<h4 class="ui top attached header">
-					{{.locale.Tr "secrets.secrets"}}
-					<div class="ui right">
-						<div class="ui primary tiny show-panel button" data-panel="#add-secret-panel">{{.locale.Tr "secrets.creation"}}</div>
-					</div>
-				</h4>
-				<div class="ui attached segment">
-					<div class="{{if not .HasError}}hide {{end}}mb-4" id="add-secret-panel">
-						<form class="ui form" action="{{.Link}}" method="post">
-							{{.CsrfTokenHtml}}
-							<div class="field">
-								{{.locale.Tr "secrets.description"}}
-							</div>
-							<div class="field{{if .Err_Title}} error{{end}}">
-								<label for="secret-title">{{.locale.Tr "secrets.name"}}</label>
-								<input id="secret-title" name="title" value="{{.title}}" autofocus required pattern="^[a-zA-Z_][a-zA-Z0-9_]*$" placeholder="{{.locale.Tr "secrets.creation.name_placeholder"}}">
-							</div>
-							<div class="field{{if .Err_Content}} error{{end}}">
-								<label for="secret-content">{{.locale.Tr "secrets.value"}}</label>
-								<textarea id="secret-content" name="content" required placeholder="{{.locale.Tr "secrets.creation.value_placeholder"}}">{{.content}}</textarea>
-							</div>
-							<button class="ui green button">
-								{{.locale.Tr "secrets.creation"}}
-							</button>
-							<button class="ui hide-panel button" data-panel="#add-secret-panel">
-								{{.locale.Tr "cancel"}}
-							</button>
-						</form>
-					</div>
-					{{if .Secrets}}
-					<div class="ui key list">
-						{{range .Secrets}}
-						<div class="item">
-							<div class="right floated content">
-								<button class="ui red tiny button delete-button" data-url="{{$.Link}}/delete" data-id="{{.ID}}">
-									{{$.locale.Tr "settings.delete_key"}}
-								</button>
-							</div>
-							<div class="left floated content">
-								<i>{{svg "octicon-key" 32}}</i>
-							</div>
-							<div class="content">
-								<strong>{{.Name}}</strong>
-								<div class="print meta">******</div>
-								<div class="activity meta">
-									<i>
-										{{$.locale.Tr "settings.add_on"}}
-										<span>{{.CreatedUnix.FormatShort}}</span>
-									</i>
-								</div>
-							</div>
-						</div>
-						{{end}}
-					</div>
-					{{else}}
-						{{.locale.Tr "secrets.none"}}
-					{{end}}
-				</div>
+				{{template "shared/secrets/add_list" .}}
 			</div>
 		</div>
 	</div>
 </div>
 
-<div class="ui small basic delete modal">
-	<div class="ui header">
-		{{svg "octicon-trash" 16 "mr-2"}}
-		{{.locale.Tr "secrets.deletion"}}
-	</div>
-	<div class="content">
-		<p>{{.locale.Tr "secrets.deletion.description"}}</p>
-	</div>
-	{{template "base/delete_modal_actions" .}}
-</div>
-
 {{template "base/footer" .}}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
new file mode 100644
index 0000000000000..86da6c7bc5ff2
--- /dev/null
+++ b/templates/shared/secrets/add_list.tmpl
@@ -0,0 +1,68 @@
+<h4 class="ui top attached header">
+	{{.locale.Tr "secrets.secrets"}}
+	<div class="ui right">
+		<div class="ui primary tiny show-panel button" data-panel="#add-secret-panel">{{.locale.Tr "secrets.creation"}}</div>
+	</div>
+</h4>
+<div class="ui attached segment">
+	<div class="{{if not .HasError}}hide {{end}}mb-4" id="add-secret-panel">
+		<form class="ui form" action="{{.Link}}" method="post">
+			{{.CsrfTokenHtml}}
+			<div class="field">
+				{{.locale.Tr "secrets.description"}}
+			</div>
+			<div class="field{{if .Err_Title}} error{{end}}">
+				<label for="secret-title">{{.locale.Tr "secrets.name"}}</label>
+				<input id="secret-title" name="title" value="{{.title}}" autofocus required pattern="^[a-zA-Z_][a-zA-Z0-9_]*$" placeholder="{{.locale.Tr "secrets.creation.name_placeholder"}}">
+			</div>
+			<div class="field{{if .Err_Content}} error{{end}}">
+				<label for="secret-content">{{.locale.Tr "secrets.value"}}</label>
+				<textarea id="secret-content" name="content" required placeholder="{{.locale.Tr "secrets.creation.value_placeholder"}}">{{.content}}</textarea>
+			</div>
+			<button class="ui green button">
+				{{.locale.Tr "secrets.creation"}}
+			</button>
+			<button class="ui hide-panel button" data-panel="#add-secret-panel">
+				{{.locale.Tr "cancel"}}
+			</button>
+		</form>
+	</div>
+	{{if .Secrets}}
+	<div class="ui key list">
+		{{range .Secrets}}
+		<div class="item">
+			<div class="right floated content">
+				<button class="ui red tiny button delete-button" data-url="{{$.Link}}/delete" data-id="{{.ID}}">
+					{{$.locale.Tr "settings.delete_key"}}
+				</button>
+			</div>
+			<div class="left floated content">
+				<i>{{svg "octicon-key" 32}}</i>
+			</div>
+			<div class="content">
+				<strong>{{.Name}}</strong>
+				<div class="print meta">******</div>
+				<div class="activity meta">
+					<i>
+						{{$.locale.Tr "settings.add_on"}}
+						<span>{{.CreatedUnix.FormatShort}}</span>
+					</i>
+				</div>
+			</div>
+		</div>
+		{{end}}
+	</div>
+	{{else}}
+		{{.locale.Tr "secrets.none"}}
+	{{end}}
+</div>
+<div class="ui small basic delete modal">
+	<div class="ui header">
+		{{svg "octicon-trash" 16 "mr-2"}}
+		{{.locale.Tr "secrets.deletion"}}
+	</div>
+	<div class="content">
+		<p>{{.locale.Tr "secrets.deletion.description"}}</p>
+	</div>
+	{{template "base/delete_modal_actions" .}}
+</div>
\ No newline at end of file
diff --git a/templates/user/settings/navbar.tmpl b/templates/user/settings/navbar.tmpl
index 8fd869dc40c32..8deffde0b2242 100644
--- a/templates/user/settings/navbar.tmpl
+++ b/templates/user/settings/navbar.tmpl
@@ -18,6 +18,9 @@
 		<a class="{{if .PageIsSettingsKeys}}active {{end}}item" href="{{AppSubUrl}}/user/settings/keys">
 			{{.locale.Tr "settings.ssh_gpg_keys"}}
 		</a>
+		<a class="{{if .PageIsSettingsSecrets}}active {{end}}item" href="{{AppSubUrl}}/user/settings/secrets">
+			{{.locale.Tr "secrets.secrets"}}
+		</a>
 		{{if .EnablePackages}}
 		<a class="{{if .PageIsSettingsPackages}}active {{end}}item" href="{{AppSubUrl}}/user/settings/packages">
 			{{.locale.Tr "packages.title"}}
diff --git a/templates/user/settings/secrets.tmpl b/templates/user/settings/secrets.tmpl
new file mode 100644
index 0000000000000..1a6875acefc18
--- /dev/null
+++ b/templates/user/settings/secrets.tmpl
@@ -0,0 +1,10 @@
+{{template "base/head" .}}
+<div class="page-content user settings secrets">
+	{{template "user/settings/navbar" .}}
+	<div class="ui container">
+		{{template "base/alert" .}}
+		{{template "shared/secrets/add_list" .}}
+	</div>
+</div>
+
+{{template "base/footer" .}}

From 3bec2de6edc08b2aff8e9ee36ed4b6c71c5797b0 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Tue, 20 Dec 2022 20:06:40 +0000
Subject: [PATCH 2/4] Update docs.

---
 docs/content/doc/secrets/overview.en-us.md | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/docs/content/doc/secrets/overview.en-us.md b/docs/content/doc/secrets/overview.en-us.md
index 1a88d6cfbcc6b..21fb65f98d3d2 100644
--- a/docs/content/doc/secrets/overview.en-us.md
+++ b/docs/content/doc/secrets/overview.en-us.md
@@ -1,6 +1,6 @@
 ---
 date: "2022-12-19T21:26:00+08:00"
-title: "Encrypted secrets"
+title: "Secrets"
 slug: "secrets/overview"
 draft: false
 toc: false
@@ -12,24 +12,24 @@ menu:
     identifier: "overview"
 ---
 
-# Encrypted secrets
+# Secrets
 
-Encrypted secrets allow you to store sensitive information in your organization or repository.
+Secrets allow you to store sensitive information in your user, organization or repository.
 Secrets are available on Gitea 1.19+.
 
 # Naming your secrets
 
 The following rules apply to secret names:
 
-Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed.
+- Secret names can only contain alphanumeric characters (`[a-z]`, `[A-Z]`, `[0-9]`) or underscores (`_`). Spaces are not allowed.
 
-Secret names must not start with the `GITHUB_` and `GITEA_` prefix.
+- Secret names must not start with the `GITHUB_` and `GITEA_` prefix.
 
-Secret names must not start with a number.
+- Secret names must not start with a number.
 
-Secret names are not case-sensitive.
+- Secret names are not case-sensitive.
 
-Secret names must be unique at the level they are created at.
+- Secret names must be unique at the level they are created at.
 
 For example, a secret created at the repository level must have a unique name in that repository, and a secret created at the organization level must have a unique name at that level.
 

From 3854c6b5b86f4233d7c39bb02f81bf565d71cfd3 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Tue, 20 Dec 2022 20:28:02 +0000
Subject: [PATCH 3/4] Refactor repository secrets page.

---
 routers/web/repo/setting.go              | 17 ------
 routers/web/repo/setting_secrets.go      | 46 +++++++++++++++++
 routers/web/web.go                       | 10 ++--
 templates/repo/settings/deploy_keys.tmpl |  2 -
 templates/repo/settings/nav.tmpl         |  3 +-
 templates/repo/settings/navbar.tmpl      |  3 ++
 templates/repo/settings/secrets.tmpl     | 66 +++---------------------
 templates/shared/secrets/add_list.tmpl   |  2 +-
 8 files changed, 66 insertions(+), 83 deletions(-)
 create mode 100644 routers/web/repo/setting_secrets.go

diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go
index a7d1d5b9a1c7b..7804489edfa38 100644
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@@ -1122,16 +1122,6 @@ func DeployKeys(ctx *context.Context) {
 	ctx.HTML(http.StatusOK, tplDeployKeys)
 }
 
-// SecretsPost response for creating a new secret
-func SecretsPost(ctx *context.Context) {
-	shared.PerformSecretsPost(
-		ctx,
-		0,
-		ctx.Repo.Repository.ID,
-		ctx.Repo.RepoLink+"/settings/keys",
-	)
-}
-
 // DeployKeysPost response for adding a deploy key of a repository
 func DeployKeysPost(ctx *context.Context) {
 	form := web.GetForm(ctx).(*forms.AddKeyForm)
@@ -1194,13 +1184,6 @@ func DeployKeysPost(ctx *context.Context) {
 	ctx.Redirect(ctx.Repo.RepoLink + "/settings/keys")
 }
 
-func DeleteSecret(ctx *context.Context) {
-	shared.PerformSecretsDelete(
-		ctx,
-		ctx.Repo.RepoLink+"/settings/keys",
-	)
-}
-
 // DeleteDeployKey response for deleting a deploy key
 func DeleteDeployKey(ctx *context.Context) {
 	if err := asymkey_service.DeleteDeployKey(ctx.Doer, ctx.FormInt64("id")); err != nil {
diff --git a/routers/web/repo/setting_secrets.go b/routers/web/repo/setting_secrets.go
new file mode 100644
index 0000000000000..c42dee583b923
--- /dev/null
+++ b/routers/web/repo/setting_secrets.go
@@ -0,0 +1,46 @@
+// Copyright 2022 The Gitea Authors. All rights reserved.
+// SPDX-License-Identifier: MIT
+
+package repo
+
+import (
+	"net/http"
+
+	"code.gitea.io/gitea/modules/base"
+	"code.gitea.io/gitea/modules/context"
+	"code.gitea.io/gitea/modules/setting"
+	shared "code.gitea.io/gitea/routers/web/shared/secrets"
+)
+
+const (
+	tplSecrets base.TplName = "repo/settings/secrets"
+)
+
+func Secrets(ctx *context.Context) {
+	ctx.Data["Title"] = ctx.Tr("secrets.secrets")
+	ctx.Data["PageIsSettingsSecrets"] = true
+	ctx.Data["DisableSSH"] = setting.SSH.Disabled
+
+	shared.SetSecretsContext(ctx, 0, ctx.Repo.Repository.ID)
+	if ctx.Written() {
+		return
+	}
+
+	ctx.HTML(http.StatusOK, tplSecrets)
+}
+
+func SecretsPost(ctx *context.Context) {
+	shared.PerformSecretsPost(
+		ctx,
+		0,
+		ctx.Repo.Repository.ID,
+		ctx.Repo.RepoLink+"/settings/secrets",
+	)
+}
+
+func DeleteSecret(ctx *context.Context) {
+	shared.PerformSecretsDelete(
+		ctx,
+		ctx.Repo.RepoLink+"/settings/secrets",
+	)
+}
diff --git a/routers/web/web.go b/routers/web/web.go
index 450e84038edf6..fc5bc1d6fe30c 100644
--- a/routers/web/web.go
+++ b/routers/web/web.go
@@ -923,10 +923,12 @@ func RegisterRoutes(m *web.Route) {
 				m.Combo("").Get(repo.DeployKeys).
 					Post(web.Bind(forms.AddKeyForm{}), repo.DeployKeysPost)
 				m.Post("/delete", repo.DeleteDeployKey)
-				m.Group("/secrets", func() {
-					m.Post("", web.Bind(forms.AddSecretForm{}), repo.SecretsPost)
-					m.Post("/delete", repo.DeleteSecret)
-				})
+			})
+
+			m.Group("/secrets", func() {
+				m.Get("", repo.Secrets)
+				m.Post("", web.Bind(forms.AddSecretForm{}), repo.SecretsPost)
+				m.Post("/delete", repo.DeleteSecret)
 			})
 
 			m.Group("/lfs", func() {
diff --git a/templates/repo/settings/deploy_keys.tmpl b/templates/repo/settings/deploy_keys.tmpl
index 31d1c1f7ab9d8..44c916eefbdb1 100644
--- a/templates/repo/settings/deploy_keys.tmpl
+++ b/templates/repo/settings/deploy_keys.tmpl
@@ -75,8 +75,6 @@
 			{{end}}
 		</div>
 	</div>
-	<br/>
-	{{template "repo/settings/secrets" .}}
 </div>
 
 <div class="ui small basic delete modal">
diff --git a/templates/repo/settings/nav.tmpl b/templates/repo/settings/nav.tmpl
index 3c00c5e188589..3156d9b159fc8 100644
--- a/templates/repo/settings/nav.tmpl
+++ b/templates/repo/settings/nav.tmpl
@@ -12,7 +12,8 @@
 			{{if or .SignedUser.AllowGitHook .SignedUser.IsAdmin}}
 				<li {{if .PageIsSettingsGitHooks}}class="current"{{end}}><a href="{{.RepoLink}}/settings/hooks/git">{{.locale.Tr "repo.settings.githooks"}}</a></li>
 			{{end}}
-			<li {{if .PageIsSettingsKeys}}class="current"{{end}}><a href="{{.RepoLink}}/settings/keys">{{.locale.Tr "secrets.secrets"}}</a></li>
+			<li {{if .PageIsSettingsKeys}}class="current"{{end}}><a href="{{.RepoLink}}/settings/keys">{{.locale.Tr "repo.settings.deploy_keys"}}</a></li>
+			<li {{if .PageIsSettingsSecrets}}class="current"{{end}}><a href="{{.RepoLink}}/settings/secrets">{{.locale.Tr "secrets.secrets"}}</a></li>
 		</ul>
 	</div>
 </div>
diff --git a/templates/repo/settings/navbar.tmpl b/templates/repo/settings/navbar.tmpl
index 236a82f34888a..c268582be9fda 100644
--- a/templates/repo/settings/navbar.tmpl
+++ b/templates/repo/settings/navbar.tmpl
@@ -25,6 +25,9 @@
 			</a>
 		{{end}}
 		<a class="{{if .PageIsSettingsKeys}}active {{end}}item" href="{{.RepoLink}}/settings/keys">
+			{{.locale.Tr "repo.settings.deploy_keys"}}
+		</a>
+		<a class="{{if .PageIsSettingsSecrets}}active {{end}}item" href="{{.RepoLink}}/settings/secrets">
 			{{.locale.Tr "secrets.secrets"}}
 		</a>
 		{{if .LFSStartServer}}
diff --git a/templates/repo/settings/secrets.tmpl b/templates/repo/settings/secrets.tmpl
index 6fb97beb4a85d..71c5c51157954 100644
--- a/templates/repo/settings/secrets.tmpl
+++ b/templates/repo/settings/secrets.tmpl
@@ -1,60 +1,10 @@
-<div class="ui container">
-	<h4 class="ui top attached header">
-		{{.locale.Tr "secrets.secrets"}}
-		<div class="ui right">
-			<div class="ui primary tiny show-panel button" data-panel="#add-secret-panel">{{.locale.Tr "secrets.creation"}}</div>
-		</div>
-	</h4>
-	<div class="ui attached segment">
-		<div class="{{if not .HasError}}hide {{end}}mb-4" id="add-secret-panel">
-			<form class="ui form" action="{{.Link}}/secrets" method="post">
-				{{.CsrfTokenHtml}}
-				<div class="field">
-					{{.locale.Tr "secrets.description"}}
-				</div>
-				<div class="field{{if .Err_Title}} error{{end}}">
-					<label for="secret-title">{{.locale.Tr "secrets.name"}}</label>
-					<input id="secret-title" name="title" value="{{.title}}" autofocus required pattern="^[a-zA-Z_][a-zA-Z0-9_]*$" placeholder="{{.locale.Tr "secrets.creation.name_placeholder"}}">
-				</div>
-				<div class="field{{if .Err_Content}} error{{end}}">
-					<label for="secret-content">{{.locale.Tr "secrets.value"}}</label>
-					<textarea id="secret-content" name="content" required placeholder="{{.locale.Tr "secrets.creation.value_placeholder"}}">{{.content}}</textarea>
-				</div>
-				<button class="ui green button">
-					{{.locale.Tr "secrets.creation"}}
-				</button>
-				<button class="ui hide-panel button" data-panel="#add-secret-panel">
-					{{.locale.Tr "cancel"}}
-				</button>
-			</form>
-		</div>
-		{{if .Secrets}}
-			<div class="ui key list">
-				{{range .Secrets}}
-					<div class="item">
-						<div class="right floated content">
-							<button class="ui red tiny button delete-button" data-url="{{$.Link}}/secrets/delete" data-id="{{.ID}}">
-								{{$.locale.Tr "settings.delete_key"}}
-							</button>
-						</div>
-						<div class="left floated content">
-							<i>{{svg "octicon-key" 32}}</i>
-						</div>
-						<div class="content">
-							<strong>{{.Name}}</strong>
-							<div class="print meta">******</div>
-							<div class="activity meta">
-								<i>
-									{{$.locale.Tr "settings.add_on"}}
-									<span>{{.CreatedUnix.FormatShort}}</span>
-								</i>
-							</div>
-						</div>
-					</div>
-				{{end}}
-			</div>
-		{{else}}
-			{{.locale.Tr "secrets.none"}}
-		{{end}}
+{{template "base/head" .}}
+<div class="page-content repository settings">
+	{{template "repo/header" .}}
+	{{template "repo/settings/navbar" .}}
+	<div class="ui container">
+		{{template "base/alert" .}}
+		{{template "shared/secrets/add_list" .}}
 	</div>
 </div>
+{{template "base/footer" .}}
diff --git a/templates/shared/secrets/add_list.tmpl b/templates/shared/secrets/add_list.tmpl
index 86da6c7bc5ff2..94bc8a1695bf1 100644
--- a/templates/shared/secrets/add_list.tmpl
+++ b/templates/shared/secrets/add_list.tmpl
@@ -65,4 +65,4 @@
 		<p>{{.locale.Tr "secrets.deletion.description"}}</p>
 	</div>
 	{{template "base/delete_modal_actions" .}}
-</div>
\ No newline at end of file
+</div>

From 4f8e223d0564583a70fe5af2146c1ec78d8c2147 Mon Sep 17 00:00:00 2001
From: KN4CK3R <admin@oldschoolhack.me>
Date: Tue, 20 Dec 2022 20:39:09 +0000
Subject: [PATCH 4/4] Remove unused code.

---
 routers/web/repo/setting.go | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/routers/web/repo/setting.go b/routers/web/repo/setting.go
index 7804489edfa38..fcd6968b67d02 100644
--- a/routers/web/repo/setting.go
+++ b/routers/web/repo/setting.go
@@ -37,7 +37,6 @@ import (
 	"code.gitea.io/gitea/modules/validation"
 	"code.gitea.io/gitea/modules/web"
 	"code.gitea.io/gitea/routers/utils"
-	shared "code.gitea.io/gitea/routers/web/shared/secrets"
 	asymkey_service "code.gitea.io/gitea/services/asymkey"
 	"code.gitea.io/gitea/services/forms"
 	"code.gitea.io/gitea/services/mailer"
@@ -1114,11 +1113,6 @@ func DeployKeys(ctx *context.Context) {
 	}
 	ctx.Data["Deploykeys"] = keys
 
-	shared.SetSecretsContext(ctx, 0, ctx.Repo.Repository.ID)
-	if ctx.Written() {
-		return
-	}
-
 	ctx.HTML(http.StatusOK, tplDeployKeys)
 }