{"id":24563848,"url":"https://github.com/mildronize/100-secrets-github-actions-sops-with-azure-key-vault","last_synced_at":"2026-04-02T18:38:14.397Z","repository":{"id":83976287,"uuid":"485046736","full_name":"mildronize/100-secrets-github-actions-sops-with-azure-key-vault","owner":"mildronize","description":"Main Repo for Talks","archived":false,"fork":false,"pushed_at":"2022-05-07T04:32:29.000Z","size":3950,"stargazers_count":6,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-08-22T11:50:50.433Z","etag":null,"topics":["github-actions","secrets-management","terraform"],"latest_commit_sha":null,"homepage":"https://thadaw.com/s/suzlta6/","language":"HCL","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mildronize.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2022-04-24T14:15:56.000Z","updated_at":"2022-05-10T16:13:46.000Z","dependencies_parsed_at":null,"dependency_job_id":"e2f65bfa-f06e-4eda-a0bd-911bbabfc288","html_url":"https://github.com/mildronize/100-secrets-github-actions-sops-with-azure-key-vault","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/mildronize/100-secrets-github-actions-sops-with-azure-key-vault","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildronize%2F100-secrets-github-actions-sops-with-azure-key-vault","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildronize%2F100-secrets-github-actions-sops-with-azure-key-vault/ta
gs","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildronize%2F100-secrets-github-actions-sops-with-azure-key-vault/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildronize%2F100-secrets-github-actions-sops-with-azure-key-vault/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mildronize","download_url":"https://codeload.github.com/mildronize/100-secrets-github-actions-sops-with-azure-key-vault/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mildronize%2F100-secrets-github-actions-sops-with-azure-key-vault/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":31313076,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-02T12:59:32.332Z","status":"ssl_error","status_checked_at":"2026-04-02T12:54:48.875Z","response_time":89,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["github-actions","secrets-management","terraform"],"created_at":"2025-01-23T10:16:09.596Z","updated_at":"2026-04-02T18:38:14.388Z","avatar_url":"https://github.com/mildronize.png","language":"HCL","funding_links":[],"categories":[],"sub_categories":[],"readme":"#  Dealing with more than 100 secrets on GitHub Actions using Mozilla SOPS and Azure Key Vault \n\n## Global Azure Thailand 
2022.\n\nMay 7, 2022\n\nThe problem we faced with more than 100 secrets in our environment, and how we implemented a solution that still provides an acceptable security level. Lessons learned about how we manage secrets using Mozilla SOPS and Azure Key Vault in a GitHub Actions deployment pipeline.\n\n## Resources \u0026 Repo\n\n- Article for this talk: https://thadaw.com/s/suzlta6/\n- Main Repo: https://github.com/mildronize/100-secrets-github-actions-sops-with-azure-key-vault\n- SOPS Secrets for Azure Key Vault Template: https://github.com/mildronize/sops-with-azure-keyvault-secrets\n- SOPS Actions for Azure Key Vault: https://github.com/mildronize/actions-get-secret-sops\n- Slides: https://docs.google.com/presentation/d/1PTlPazHr-e8Hehd9GBjLG0SseBPVZAMDxzrjbkOoXXY/edit?usp=sharing\n- Recording Demo: https://youtu.be/KV5mZ3xtuSA\n\n## Demo Step\n\n1. Create a repository from the template https://github.com/mildronize/sops-with-azure-keyvault-secrets as `mildronize/my-private-repo-secrets`\n2. Modify the config file `./examples/data.config.yaml`\n3. Create the Azure Key Vault\n\n    ```bash\n    ./create-az-key-vault.sh ./examples/data.config.yaml\n    ```\n4. Encrypt the secrets from plain text\n\n    ```bash\n    ./encrypt.sh ./examples/data.config.yaml ./examples/data.plain.yaml \u003e ./examples/data.enc.yaml\n    ```\n5. Commit \u0026 push the code\n6. Release to the pipeline (GitHub Actions)\n\n    ```bash\n    ./scripts/bump-and-tag-version.sh\n    ```\n\n    It will tag a version, for example:\n\n    ```\n    Tag created and pushed: \"0.0.1\"\n    ```\n\n    Use this version in the next step.\n\n7. Go to the GitHub Actions repo that uses this project to download secrets (this project).\n\n\n8. 
Health Check\n\n    ```bash\n    # health check\n    cd ../health-check\n    node ./index.js ../terraform/deploy.json\n    ```\n\n## Destroy App Services\n\n```bash\nterraform destroy -target 'azurerm_app_service.web_api[\"ant\"]' -target 'azurerm_app_service.web_api[\"cat\"]' -target 'azurerm_app_service.web_api[\"dog\"]'\n```","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmildronize%2F100-secrets-github-actions-sops-with-azure-key-vault","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmildronize%2F100-secrets-github-actions-sops-with-azure-key-vault","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmildronize%2F100-secrets-github-actions-sops-with-azure-key-vault/lists"}