Skip to content
/ ejsonkms-action Public
forked from Drafteame/ejson-action

Github action that helps to execute encryption and decryption of ejsonkms files

License

MIT license
0 stars 2 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

compono/ejsonkms-action

BranchesTags
 
 

Repository files navigation

ejsonkms-action

Simple github action that helps to execute encryption and decryption of ejsonkms file

Configuration

- name: ejsonkms action
  uses: compono/ejsonkms-action@main
  with:
    action: decrypt # [encrypt, decrypt]
    file-path: <path-to-ejsonkms-file>
    out-file: <path-to-json-file> # File where the decrypted content will be stored (optional)
    aws-region: <region> # AWS region which is required by decrypt mode (optional)
    populate-env-vars: true | false # Populate the environment variables with the decrypted key-pairs content (optional)
    prefix-env-vars: <prefix> # Add prefix to environment variables (optional)

Outputs

Output Description
decrypted Decrypted content of the file when the action is performed with the decrypt action

Usage

jobs:
  test:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    - name: Decrypt file
      uses: compono/ejsonkms-action@main
      id: decrypt
      env:
        AWS_REGION: <aws-region>
        AWS_ACCESS_KEY_ID: <key-id>
        AWS_SECRET_ACCESS_KEY: <redacted>
      with:
        action: decrypt
        aws-region: ${{ env.AWS_REGION }}
        file-path: <path-to-ejsonkms-file>
        out-file: <path-to-json-file>

    - name: Decrypted content
      run: |
        echo "Decrypted:"
        echo '${{ steps.decrypt.outputs.decrypted }}'
        echo
        echo

        echo "Stored File:"
        cat <path-to-json-file>
        echo

    - name: Encrypt file
      uses: compono/ejsonkms-action@main
      id: encrypt
      with:
        action: encrypt
        file-path: <path-to-ejsonkms-file>

    - name: Encrypted content
      run: |
        echo "Encrypted content:"
        cat <path-to-ejson-file>

Another great feature is to populate environment variable with the decrypted key-value pairs:

# just imagine that the ejsonkms file has following key-value pairs:
# KEY1: "encryped_value"
jobs:
  test:
    runs-on: ubuntu-latest

    steps:
    - name: Checkout Repository
      uses: actions/checkout@v4

    - name: Decrypt file and populate GITHUB_ENV
      uses: compono/ejsonkms-action@main
      id: decrypt
      env:
        AWS_REGION: <aws-region>
        AWS_ACCESS_KEY_ID: <key-id>
        AWS_SECRET_ACCESS_KEY: <redacted>
      with:
        action: decrypt
        aws-region: ${{ env.AWS_REGION }}
        file-path: <path-to-ejsonkms-file>
        populate-env-vars: true

    - name: List env vars
      run:
        echo "${{ env.KEY1 }}"

Credits

About

Github action that helps to execute encryption and decryption of ejsonkms files

Topics

kms ejson

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

1 fork
Report repository

Releases

2 tags

Packages

No packages published

Languages

  • JavaScript 83.5%
  • Dockerfile 8.3%
  • Shell 8.2%