Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Added encrypted_value to Actions + Organizations's secrets #807

Merged
merged 4 commits into from
Jun 8, 2021

Conversation

threeseed
Copy link
Contributor

Fixes:

#704 - Use encrypted_value in github_actions_organization_secret and github_actions_secret

@jcudit jcudit added this to the v4.11.0 milestone Jun 3, 2021
Copy link
Contributor

@tibbes tibbes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for your pull requests @nadenf! I think @jcudit is going to post a fuller review shortly, but I just wanted to leave a quick note on the blocker for merging this.

github/resource_github_actions_organization_secret.go Outdated Show resolved Hide resolved
github/resource_github_actions_organization_secret.go Outdated Show resolved Hide resolved
@threeseed
Copy link
Contributor Author

@jcudit @tibbes .. All changes made.

Copy link
Contributor

@tibbes tibbes left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks @nadenf. 👍 on the base64 changes. I've also manually tested that using encrypted_value works (for repo-level secrets).

@tibbes
Copy link
Contributor

tibbes commented Jun 7, 2021

But we seem to have lost 6880b90 (the commit that removes data_source_github_repository_branches.go)

@threeseed
Copy link
Contributor Author

@tibbes .. File has been removed.

@jcudit jcudit merged commit fefa5b4 into integrations:master Jun 8, 2021
jcudit pushed a commit that referenced this pull request Jun 15, 2021
* Added encrypted_value to Actions + Organizations's secrets

* Simplified unit tests

* Encrypted value needs to be in Base64 format

* Delete data_source_github_repository_branches.go
jcudit pushed a commit that referenced this pull request Jun 16, 2021
* Added encrypted_value to Actions + Organizations's secrets

* Simplified unit tests

* Encrypted value needs to be in Base64 format

* Delete data_source_github_repository_branches.go
@hoxu
Copy link
Contributor

hoxu commented Jul 5, 2021

Is there documentation somewhere on how to create the encrypted_value using the public key?

@jcudit
Copy link
Contributor

jcudit commented Jul 22, 2021

@hoxu a (hack) workaround would be to:

  • configure your _secret resource using a plaintext_value
  • TF_LOG=DEBUG terraform apply ... the configuration
  • extract the encrypted and base64 encoded string that is sent to the GitHub API
  • use the extracted value in the encrypted_value field going forward
example

---[ REQUEST ]---------------------------------------
PUT /orgs/.../actions/secrets/test_plaintext_secret HTTP/1.1
Host: api.github.com
User-Agent: go-github
Content-Length: 176
Accept: application/vnd.github.v3+json
Content-Type: application/json
Accept-Encoding: gzip

{
 "key_id": "568250167242549743",
 "encrypted_value": "zEyV5qMXLrvfBBxJJ8FWOHj64TIcFicNNUnnR0mjpjZh1ExZA7fDjUPM/5NKBlMgm/EFg87n3y6PT2M46B7JECRIPZcykDGbBh8=",
 "visibility": "private"
}

I have not tried this personally but theoretically this should work if I am not overlooking something.

@hoxu
Copy link
Contributor

hoxu commented Aug 20, 2021

@jcudit thanks, this indeed works. But if you have remote state (especially with versioning), you need to manually comment out the backend, terraform init, do all this, enable the backend again and terraform init. In my opinion it's too cumbersome. And these steps are not documented on https://registry.terraform.io/providers/integrations/github/latest/docs/resources/actions_secret

@threeseed threeseed deleted the 704 branch September 24, 2021 06:46
kfcampbell pushed a commit to kfcampbell/terraform-provider-github that referenced this pull request Jul 26, 2022
…ons#807)

* Added encrypted_value to Actions + Organizations's secrets

* Simplified unit tests

* Encrypted value needs to be in Base64 format

* Delete data_source_github_repository_branches.go
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

4 participants