https://github.com/devwithkrishna/automatically-create-delete-update-github-organization-secrets

from azure keyvault pull secrets and using them update or create github secrets in a specified repo
https://github.com/devwithkrishna/automatically-create-delete-update-github-organization-secrets

action github-action githubapp guthubapptoken python

Last synced: 4 months ago
JSON representation

from azure keyvault pull secrets and using them update or create github secrets in a specified repo

• Host: GitHub
• URL: https://github.com/devwithkrishna/automatically-create-delete-update-github-organization-secrets
• Owner: devwithkrishna
• License: mit
• Created: 2024-01-23T16:11:49.000Z (over 1 year ago)
• Default Branch: main
• Last Pushed: 2024-09-20T18:45:40.000Z (10 months ago)
• Last Synced: 2025-01-16T00:55:54.217Z (6 months ago)
• Topics: action, github-action, githubapp, guthubapptoken, python
• Language: Python
• Homepage: https://github.com/devwithkrishna/automatically-create-github-secrets
• Size: 47.9 KB
• Stars: 1
• Watchers: 0
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# automatically-create-delete-update-github-organization-secrets

create , delete or update github organization secrets using github workflow

# Pre requesites

* This requires an authorization method which has organization-secret with write permission

* Personal Access Token (PAT) is the recommended way to authenticate. In this demo PAT is USED.

* You can generate a new one from Github settings

* You need to encrypt a secret before you can create or update secrets.

# How code works for create or update secret

* First this will execute the `get_public_key.sh` shell script to get the Organization public key 

    *  This public key is required and used for encryption of secret

    `Reference`: [get-an-organization-public-key](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#get-an-organization-public-key)

* Then it will execute the `get_public_key_id.sh`  script to get the organization key id. 

    * This is required for creation or updation of secret

* Then the `python program` `encrypt_using_libnacl` this uses the public key from step 1 and encrypts the secret 

using the prefered method by GitHub.

    `Reference`: [create-or-update-an-organization-secret](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret)

    - Reference used for encryption : [example-encrypting-a-secret-using-python](https://docs.github.com/en/rest/guides/encrypting-secrets-for-the-rest-api?apiVersion=2022-11-28#example-encrypting-a-secret-using-python )

* Then `Python program` `create_or_update_github_org_secret` is used to take the public key id from step 2 and encrypted secret value from step 3 to create or update the secret.

| status code | operation |

|-------------|-----------|

| 201  | Create Org secret|

| 204  | Update an Org secret |

- visibility of organization secret has been set to all organization repositories. selected means only the repositories specified by selected_repository_ids can access the secret.

- Can be one of: `all`, `private`, `selected`

## Inputs of workflow

| input name | description|

|------------|------------|

| organization | name of github organization |

| secret_name | organization Secret name |

| secret_value | Secret value |

# # How code works for deleting an organization secret

* This runs the shell script `delete_github_org_secret.sh` which takes 2 inputs from github workflow 

1. organization name

2. secret name

* Then deletes the secret

| input | description| 

|-------|--------------|

| organization | GitHub Organization name |

| secret_name | Secert to be deleted |