{"id":26786163,"url":"https://github.com/derekahn/drone-secret","last_synced_at":"2025-03-29T11:35:52.490Z","repository":{"id":57632280,"uuid":"411071081","full_name":"derekahn/drone-secret","owner":"derekahn","description":"Drone plugin to interpolate base64 secrets","archived":false,"fork":false,"pushed_at":"2022-12-05T22:14:09.000Z","size":27,"stargazers_count":0,"open_issues_count":1,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-06-20T16:52:18.646Z","etag":null,"topics":["drone","drone-ci","drone-plugin","go","golang"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/derekahn.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2021-09-27T23:20:02.000Z","updated_at":"2024-06-20T16:52:18.647Z","dependencies_parsed_at":"2023-01-24T07:01:24.814Z","dependency_job_id":null,"html_url":"https://github.com/derekahn/drone-secret","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derekahn%2Fdrone-secret","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derekahn%2Fdrone-secret/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derekahn%2Fdrone-secret/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/derekahn%2Fdrone-secret/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/derekahn","download_url":"https://codeload.github.com/derekahn/drone-secret/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"htt
ps://github.com","kind":"github","repositories_count":246180883,"owners_count":20736458,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["drone","drone-ci","drone-plugin","go","golang"],"created_at":"2025-03-29T11:35:51.991Z","updated_at":"2025-03-29T11:35:52.483Z","avatar_url":"https://github.com/derekahn.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# 🤫 Drone Secret\n\n[![made-with-Go](https://img.shields.io/badge/Made%20with-Go-1f425f.svg)](http://golang.org)\n[![Go Report Card](https://goreportcard.com/badge/github.com/derekahn/drone-secret)](https://goreportcard.com/report/github.com/derekahn/drone-secret)\n[![GitHub go.mod Go version of a Go module](https://img.shields.io/github/go-mod/go-version/gomods/athens.svg)](https://github.com/derekahn/drone-secret)\n[![GoDoc](https://img.shields.io/badge/godoc-reference-blue.svg)](https://pkg.go.dev/github.com/derekahn/drone-secret)\n[![MIT license](https://img.shields.io/badge/License-MIT-blue.svg)](https://lbesson.mit-license.org/)\n[![Sourcegraph](https://sourcegraph.com/github.com/gorilla/mux/-/badge.svg)](https://sourcegraph.com/github.com/derekahn/drone-secret?badge)\n\nA plugin to interpolate base64 secrets.\n\n## Usage\n\nThe following settings change this plugin's behavior.\n\n- Secrets (required) takes a stringified map (refer to [envconfig](https://github.com/kelseyhightower/envconfig)) and base64-encodes the values while it finds and replaces.\n- Directory (optional) is the targeted directory to recursively interpolate\n- DenyList (optional) takes a list of files to 
ignore\n\nBelow is an example `.drone.yml` that uses this plugin.\n\n```yaml\nkind: pipeline\nname: default\n\nsteps:\n  - name: run \"derekahn/drone-secret\" plugin\n    image: \"derekahn/drone-secret\"\n    pull: if-not-exists\n    settings:\n      secrets: \"${FOO}:alpha,${BAR}:bravo,${BAZ}:charlie\"\n      directory: \"deployments\"\n      denyList: \"deployment.yaml\"\n```\n\nBelow is an **input** example of a file in `deployments/` **before** plugin execution:\n\n```yaml\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: test-secret\ntype: Opaque\ndata:\n  FOO: ${FOO}\n  BAR: ${BAR}\n  BAZ: ${BAZ}\n```\n\nBelow is an **output** example of a file in `deployments/` **after** plugin execution:\n\n```yaml\n# deployments/secret.yaml\n---\napiVersion: v1\nkind: Secret\nmetadata:\n  name: test-secret\ntype: Opaque\ndata:\n  FOO: YWxwaGE=     # alpha\n  BAR: YnJhdm8=     # bravo\n  BAZ: Y2hhcmxpZQ== # charlie\n```\n\n\u003e Instantiated the project with [boilr-plugin](https://github.com/drone/boilr-plugin) 👏🏽\n\n## 🚀 Building\n\nBuild the plugin binary:\n\n```bash\nscripts/build.sh\n```\n\n## 🔬 Testing\n\nExecute the plugin from your current working directory:\n\n```bash\ndocker build -t \"derekahn/drone-secret\" -f docker/Dockerfile .\n\ndocker run --rm \\\n  -e DRONE_COMMIT_SHA=8f51ad7884c5eb69c11d260a31da7a745e6b78e2 \\\n  -e DRONE_COMMIT_BRANCH=master \\\n  -e DRONE_BUILD_NUMBER=43 \\\n  -e DRONE_BUILD_STATUS=success \\\n  -e PLUGIN_LOG_LEVEL=debug \\\n  -e PLUGIN_DIRECTORY=test/ignore/ \\\n  -e PLUGIN_SECRETS='${AWS_REGION}:alpha,${AWS_ACCESS_KEY_ID}:bravo' \\\n  -w /drone/src \\\n  -v \"$(pwd):/drone/src\" \\\n  \"derekahn/drone-secret\"\n```\n\nAfter execution, be sure to revert the file `test/ignore/dev_test.yaml`!\n\n## 🔒 Security\n\nThis plugin is **highly** secure with just a single dependency ([envconfig](https://github.com/kelseyhightower/envconfig/blob/master/LICENSE)) and a hardened and locked-down 🐳 container.\n\nThe project uses 
[trivy](https://github.com/aquasecurity/trivy) for vulnerability scans.\n\n#### Container (🐳 image) scan for misconfiguration and vulnerabilities:\n\n```bash\n$ trivy image derekahn/drone-secret:v1\n\n2021-09-29T17:08:59.613-0700    INFO    Need to update DB\n2021-09-29T17:08:59.613-0700    INFO    Downloading DB...\n24.18 MiB / 24.18 MiB [----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 4.90 MiB p/s 5s\n2021-09-29T17:09:05.657-0700    INFO    Number of language-specific files: 1\n2021-09-29T17:09:05.657-0700    INFO    Detecting gobinary vulnerabilities...\n\nbin/plugin (gobinary)\n=====================\nTotal: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n```\n\n#### Project scan for misconfiguration and vulnerabilities:\n\n```bash\n$ trivy fs --security-checks vuln,config .\n\n2021-09-30T09:20:23.213-0700    INFO    Number of language-specific files: 1\n2021-09-30T09:20:23.213-0700    INFO    Detecting gomod vulnerabilities...\n2021-09-30T09:20:23.213-0700    INFO    Detected config files: 1\n\ngo.sum (gomod)\n==============\nTotal: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n\n\ndocker/Dockerfile (dockerfile)\n==============================\nTests: 23 (SUCCESSES: 23, FAILURES: 0, EXCEPTIONS: 0)\nFailures: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0)\n```\n\n## 📦 Licenses\n\n- [x] [MIT](https://github.com/kelseyhightower/envconfig/blob/master/LICENSE) github.com/kelseyhightower/envconfig\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fderekahn%2Fdrone-secret","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fderekahn%2Fdrone-secret","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fderekahn%2Fdrone-secret/lists"}