Hey everyone, So you want to encode a file and upload it to Github secrets ?
The first thing you need is to encrypt and encode your file We are going to do this with GnuPG as it is a universal crypto engine which can be used directly from a command line prompt, from shell scripts, or from other programs.
Step One - Installing GnuPG if you don't have it already
The first step is to make sure GnuPG is installed in your machine by running the following command
gpg --version
If GnuPG is already installed in your pc you should see an output similar to this :
I believe GnuPG is installed by default in linux and windows but if its not installed on your machine you can quickly visit GnuPG site and get the right binaries for your machine.
for Mac os users GnuPG is not installed by default. You will have to download the binaries, I prefer using homeBrew so if you have home brew run the following command to install it.
brew install gnupg
This will install gnupg. You can quickly verify the installation by running.
gpg --version
Step to 2 Encrypting and Encoding file
-
Open your terminal in a directory with the file you want to encode (It's not a must to open the terminal in the same directory I prefer this as the command will be short and sweet)
- Run the following command
gpg -c --armor <YOUR_FILE_NAME>
YOUR_FILE_NAME should the be fullName of the file you want to encrypt and encode
e.g
gpg -c --armor key.keystore
This will prompt you to give create a password to encrypt your file, enter a password (Don't forgot it).
In the same directory where you ran this command a new file is generated the file name will be by default the full file name with a .asc extension
e.g key.keystore.asc
Step 3 Uploading to Github secrets
Open the .asc file that was created in the previous step, copy everything in the file using
cmd + aon (mac)ctrl + a(windows).Visit Github, your repository then go to settings
- On your bottom left menu Click on secrets -> actions
- Create a new secret
Give your secret a name then paste the encoded text we copied early in the secret area
- Do this for your encryption password as well.
Step 4 using the secret file
Thats it we done with uploading the file, but how do we decode and use the file ?
Thats easy, in your actions add the following step
- name: Setup keystore file
run: |
echo "${{ secrets.KEYSTORE_FILE }}" > key.keystore.asc
gpg -d --passphrase "${{ secrets.KEY_STORE_GPG_PASSWORD }}" --batch key.keystore.asc > key.keystore
This will write the file into the pipeline's filesystem and now you can access this file in your build.
Top comments (0)