-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathconfig.ini.gpg
46 lines (36 loc) · 2.03 KB
/
config.ini.gpg
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
# instructions for creating an encrypted file are found here https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#limits-for-secrets
# 1. Run the following command from your terminal to encrypt the `config.ini` file using gpg and the AES256 cipher algorithm
# $ gpg --symmetric --cipher-algo AES256 `config.ini`
# 2. You will be prompted to enter a passphrase (found in the secrets document). Remember the passphrase, because you'll need to create a new secret on GitHub that uses the passphrase as the value.
# 3. Create a new secret that contains the passphrase. For example, create a new secret with the name LARGE_SECRET_PASSPHRASE and set the value of the secret to the passphrase you selected in the step above.
# 4. Copy your encrypted file into your repository and commit it. In this example, the encrypted file is `config.ini.gpg`
# 5. Create a shell script to decrypt the password. Save this file as `decrypt.sh`
>>>
# #!/bin/sh
# # Decrypt the file
# mkdir config
# # --batch to prevent interactive command
# # --yes to assume "yes" for questions
# gpg --quiet --batch --yes --decrypt --passphrase="$CONFIG_INI_PASSPHRASE" \
# --output ./config/config.ini config.ini.gpg
>>>
# 6. Ensure your shell script is executable before checking it in to your repository
# $ chmod +x decrypt_secret.sh
# $ git add decrypt_secret.sh
# $ git commit -m "Add new decryption script"
# $ git push
# 7. From your workflow, use a step to call the shell script and decrypt the secret. To have a copy of your repository in the environment that your workflow runs in, you'll need to use the actions/checkout action. Reference your shell script using the run command relative to the root of your repository.
# >>>
# name: Workflows with large secrets
# on: push
# jobs:
# my-job:
# name: My Job
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# - name: Decrypt large secret
# run: ./.github/scripts/decrypt.sh
# env:
# CONFIG_INI_PASSPHRASE: ${{ secrets.CONFIG_INI_PASSPHRASE }}
# >>>