https://github.com/appatalks/libsodium_secrets_update

Use Libsodium library for C# / .NET bindings update GitHub repository secrets
https://github.com/appatalks/libsodium_secrets_update

actions c libsodium net secrets

Last synced: about 1 month ago
JSON representation

Use Libsodium library for C# / .NET bindings update GitHub repository secrets

• Host: GitHub
• URL: https://github.com/appatalks/libsodium_secrets_update
• Owner: appatalks
• License: mit
• Created: 2025-02-27T22:04:29.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2025-05-07T22:54:23.000Z (about 1 year ago)
• Last Synced: 2026-03-06T04:31:01.985Z (4 months ago)
• Topics: actions, c, libsodium, net, secrets
• Homepage:
• Size: 49.8 KB
• Stars: 0
• Watchers: 1
• Forks: 0
• Open Issues: 1
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
> [!CAUTION]

> Proof-of-Concept

> Read more here for insight: [libsodium investigation](https://github.com/appatalks/gh_nsec_secrets_update/issues/1)

## Use Libsodium directly with `P/Invoke` method to Encrypt and update GitHub Repository Secret 

### Repository Secret Update Workflow

This is a GitHub Actions workflow that updates a repository secret using C# and .NET bindings.

Proof-of-concept to update a secret using `libsodium` rather than [Sodium.Core](https://github.com/ektrah/libsodium-core) as it is no longer maintained, and a possible candidate for a replacement to GitHub's [current recommendation](https://docs.github.com/en/rest/guides/encrypting-secrets-for-the-rest-api?apiVersion=2022-11-28#example-encrypting-a-secret-using-c).

> [!NOTE]

> - *`P/Invoke` with Libsodium*: The project uses [P/Invoke to call native Libsodium functions](https://learn.microsoft.com/en-us/dotnet/standard/native-interop/pinvoke) (`sodium_init` and `crypto_box_seal`) from C#.

> - *Sealed Box Encryption*: The `crypto_box_seal` method encrypts data using the recipient's public key without needing a sender key pair.

## How to Use

0. Use this Actions Workflow: [libsodium-dev-secret-update.yml](https://github.com/appatalks/gh_nsec_secrets_update/blob/main/libsodium-dev-secret-update.yml)

2. Trigger the workflow manually.

3. Provide the following inputs:

   - **secret:** The new or updated Secret

   - **pat_token:** A Personal Access Token with repo permissions.

   - **secret_name:** The name of the repository secret to update.