如何为Github Action Secrets API加密存储库密码

huangapple go评论83阅读模式
英文:

How to encrypt repository secret for Github Action Secrets API

问题

使用Github Action Secrets API创建存储库密钥时,我们需要使用sodium库对密钥进行加密。Github文档中没有提供Go的示例。有人可以帮我编写一个加密密钥的函数吗?

我的当前实现如下:

func EncodeWithPublicKey(text string, publicKey string) (string, error) {
	// 将公钥从base64解码
	publicKeyBytes, _ := base64.StdEncoding.DecodeString(publicKey)
	fmt.Printf("%x\n\n", publicKeyBytes)

	// 生成密钥对
	_, privateKey, _ := box.GenerateKey(rand.Reader)
	fmt.Printf("私钥: %x\n\n", *privateKey)

	// 将公钥转换为字节
	var publicKeyDecoded [32]byte
	copy(publicKeyDecoded[:], publicKeyBytes)

	// 加密密钥值
	nonce := new([24]byte)
	encrypted := box.Seal(nil, []byte(text), nonce, &publicKeyDecoded, privateKey)
	fmt.Printf("%x\n\n", encrypted)

	// 将加密后的值进行base64编码
	encryptedBase64 := base64.StdEncoding.EncodeToString(encrypted)
	fmt.Printf("%x\n\n\n", encryptedBase64)

	return encryptedBase64, nil
}

我正在使用golang.org/x/crypto/nacl/box

由于当前实现的原因,操作密钥设置不正确,因为构建过程会提示错误"apiToken not found"。然而,如果我在GitHub的网站上设置密钥,部署就可以正常工作。

英文:

To use the Github Action Secrets API for creating repository secret, we have to encrypt the secret key using sodium library. Github docs. Example for Go is not provided. Could anybody help me out by writing a function to encrypt the secret?

My current implementation is as follows:

func EncodeWithPublicKey(text string, publicKey string) (string, error) {
	// Decode the public key from base64
	publicKeyBytes, _ := base64.StdEncoding.DecodeString(publicKey)
	fmt.Printf("%x\n\n", publicKeyBytes)

	// Generate a key pair
	_, privateKey, _ := box.GenerateKey(rand.Reader)
	fmt.Printf("Private key: %x\n\n", *privateKey)

	// Convert publickey to bytes
	var publicKeyDecoded [32]byte
	copy(publicKeyDecoded[:], publicKeyBytes)

	// Encrypt the secret value
	nonce := new([24]byte)
	encrypted := box.Seal(nil, []byte(text), nonce, &publicKeyDecoded, privateKey)
	fmt.Printf("%x\n\n", encrypted)

	// Encode the encrypted value in base64
	encryptedBase64 := base64.StdEncoding.EncodeToString(encrypted)
	fmt.Printf("%x\n\n\n", encryptedBase64)

	return encryptedBase64, nil
}

I am using golang.org/x/crypto/nacl/box.

The action secret is set incorrectly as of current implementation because the build process prompts me with an error "apiToken not found". However, if I set the secret using GitHub's website, the deployment works.

答案1

得分: 2

我不是一个代码编辑器,但是我可以帮你翻译你提供的代码段。以下是翻译好的代码:

func EncodeWithPublicKey(text string, publicKey string) (string, error) {
	// 从base64解码公钥
	publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKey)
	if err != nil {
		return "", err
	}

	// 解码公钥
	var publicKeyDecoded [32]byte
	copy(publicKeyDecoded[:], publicKeyBytes)

	// 加密秘密值
	encrypted, err := box.SealAnonymous(nil, []byte(text), (*[32]byte)(&publicKeyDecoded), rand.Reader)

	if err != nil {
		return "", err
	}
	// 将加密后的值以base64编码
	encryptedBase64 := base64.StdEncoding.EncodeToString(encrypted)

	return encryptedBase64, nil
}

希望这可以帮到你!如果你有任何其他问题,请随时问我。

英文:

I had to change Seal to SealAnonymous

func EncodeWithPublicKey(text string, publicKey string) (string, error) {
	// Decode the public key from base64
	publicKeyBytes, err := base64.StdEncoding.DecodeString(publicKey)
	if err != nil {
		return "", err
	}

	// Decode the public key
	var publicKeyDecoded [32]byte
	copy(publicKeyDecoded[:], publicKeyBytes)

	// Encrypt the secret value
	encrypted, err := box.SealAnonymous(nil, []byte(text), (*[32]byte)(publicKeyBytes), rand.Reader)

	if err != nil {
		return "", err
	}
	// Encode the encrypted value in base64
	encryptedBase64 := base64.StdEncoding.EncodeToString(encrypted)

	return encryptedBase64, nil
}

huangapple
  • 本文由 发表于 2023年6月27日 14:40:44
  • 转载请务必保留本文链接:https://go.coder-hub.com/76562205.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定