add tmp github action #8
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Recovering secrets | |
| # Assumption: | |
| # You've created the following GitHub secrets in your repository: | |
| # MY_CLIENT_SECRET - encrypt/decrypt with openssl - useful for public and public repositories | |
| # MY_OPENSSL_PASSWORD - used to protect secrets | |
| # MY_OPENSSL_ITER - Use a number of iterations on the password to derive the encryption key. | |
| # High values increase the time required to brute-force the resulting file. | |
| # This option enables the use of PBKDF2 algorithm to derive the key. | |
| on: | |
| push: | |
| workflow_dispatch: | |
| jobs: | |
| openssl: | |
| name: Recover With OpenSSL | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - env: | |
| #KEY_ALIAS: ${{ secrets.KEY_ALIAS }} | |
| KEY_PASSWORD: ${{ secrets.KEY_PASSWORD }} | |
| #KEY_STORE: ${{ secrets.KEY_STORE }} | |
| #KEY_STORE_PASSWORD: ${{ secrets.KEY_STORE_PASSWORD }} | |
| OPENSSL_PASSWORD: ${{ secrets.OPENSSL_PASSWORD }} | |
| OPENSSL_ITER: ${{ secrets.OPENSSL_ITER }} | |
| run: | | |
| echo "$(echo "${KEY_PASSWORD}" | openssl enc -e -aes-256-cbc -a -pbkdf2 -iter ${OPENSSL_ITER} -k "${OPENSSL_PASSWORD}")" |