https://github.com/devwithkrishna/automatically-create-delete-update-github-organization-secrets
from azure keyvault pull secrets and using them update or create github secrets in a specified repo
action github-action githubapp guthubapptoken python
Last synced: 4 months ago
- Host: GitHub
- URL: https://github.com/devwithkrishna/automatically-create-delete-update-github-organization-secrets
- Owner: devwithkrishna
- License: mit
- Created: 2024-01-23T16:11:49.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-09-20T18:45:40.000Z (10 months ago)
- Last Synced: 2025-01-16T00:55:54.217Z (6 months ago)
- Topics: action, github-action, githubapp, guthubapptoken, python
- Language: Python
- Homepage: https://github.com/devwithkrishna/automatically-create-github-secrets
- Size: 47.9 KB
- Stars: 1
- Watchers: 0
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# automatically-create-delete-update-github-organization-secrets
Create, delete or update GitHub organization secrets using a GitHub workflow.

# Prerequisites
* This requires an authorization method that has write permission on organization secrets.
* Personal Access Token (PAT) is the recommended way to authenticate. In this demo a PAT is used.
* You can generate a new one from GitHub settings.
* You need to encrypt a secret before you can create or update secrets.

# How code works for create or update secret
* First this will execute the `get_public_key.sh` shell script to get the organization public key.
  * This public key is required and used for encryption of the secret. `Reference`: [get-an-organization-public-key](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#get-an-organization-public-key)
* Then it will execute the `get_public_key_id.sh` script to get the organization key id.
  * This is required for creating or updating the secret.
* Then the Python program `encrypt_using_libnacl` uses the public key from step 1 and encrypts the secret using the method preferred by GitHub. `Reference`: [create-or-update-an-organization-secret](https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret)
  - Reference used for encryption: [example-encrypting-a-secret-using-python](https://docs.github.com/en/rest/guides/encrypting-secrets-for-the-rest-api?apiVersion=2022-11-28#example-encrypting-a-secret-using-python)
* Then the Python program `create_or_update_github_org_secret` takes the public key id from step 2 and the encrypted secret value from step 3 to create or update the secret.
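
Steps 3 and 4 above, as an added example that is not taken from this repository's scripts: it seals a value with PyNaCl (the library GitHub's Python encryption guide uses) and builds the request body, applying the visibility rules. The function names, the key id, the repository ids and the key pair are constructed for illustration.

```python
import base64

VISIBILITIES = ("all", "private", "selected")


def encrypt_secret(public_key_b64: str, secret_value: str) -> str:
    """Seal secret_value to the organization public key; returns base64 text."""
    # PyNaCl is imported here so the request helpers below work without it.
    from nacl import encoding, public

    key = public.PublicKey(public_key_b64.encode("utf-8"), encoding.Base64Encoder())
    # A sealed box uses a fresh ephemeral key pair on every call, so the same
    # secret never encrypts to the same bytes twice, and only the holder of
    # the matching private key (GitHub) can open it.
    sealed = public.SealedBox(key).encrypt(secret_value.encode("utf-8"))
    return base64.b64encode(sealed).decode("utf-8")


def build_secret_body(encrypted_value, key_id, visibility="all", repo_ids=None):
    """Build the JSON body for PUT /orgs/{org}/actions/secrets/{secret_name}."""
    if visibility not in VISIBILITIES:
        raise ValueError(f"visibility must be one of {VISIBILITIES}")
    if repo_ids and visibility != "selected":
        raise ValueError("repository ids are only valid with visibility 'selected'")
    body = {"encrypted_value": encrypted_value, "key_id": key_id,
            "visibility": visibility}
    if visibility == "selected":
        body["selected_repository_ids"] = list(repo_ids or [])
    return body


def outcome(status_code: int) -> str:
    """Map the response status to the operation that took place."""
    results = {201: "created", 204: "updated"}
    if status_code not in results:
        raise RuntimeError(f"secret not written, HTTP {status_code}")
    return results[status_code]


if __name__ == "__main__":
    from nacl import encoding, public

    # Constructed key pair standing in for the organization key from step 1.
    org_key = public.PrivateKey.generate()
    pub_b64 = org_key.public_key.encode(encoding.Base64Encoder()).decode("utf-8")
    sealed_b64 = encrypt_secret(pub_b64, "constructed-secret-value")
    print(build_secret_body(sealed_b64, "constructed-key-id", "selected", [101, 202]))
    # Only the private key holder can recover the value.
    print(public.SealedBox(org_key).decrypt(base64.b64decode(sealed_b64)))
```

The sealed value is 48 bytes longer than the plaintext (32-byte ephemeral public key plus 16-byte authenticator), and the plaintext never needs to be written to a log or sent in the request.
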

| status code | operation |
|-------------|-----------|
| 201 | Create Org secret |
| 204 | Update an Org secret |

- Visibility of the organization secret has been set to all organization repositories. `selected` means only the repositories specified by `selected_repository_ids` can access the secret.
- Can be one of: `all`, `private`, `selected`

## Inputs of workflow
| input name | description|
|------------|------------|
| organization | name of github organization |
| secret_name | organization Secret name |
| secret_value | Secret value |

# How code works for deleting an organization secret
* This runs the shell script `delete_github_org_secret.sh`, which takes 2 inputs from the GitHub workflow:
  1. organization name
  2. secret name
* It then deletes the secret.

| input | description|
|-------|--------------|
| organization | GitHub Organization name |
| secret_name | Secret to be deleted |