Manage your GitHub Actions secrets, with a simple CLI
Python v3.6.7 and above
Install with pip on your machine; the package is available at PyPi
$ pip install githubsecrets
Python v3.6.7 and above
- Clone this repository
- Run the
githubsecrets
module (directory)python -m githubsecrets --help
Expand/Collapse
Mount a local directory to /app
, the image is available at DockerHub
Mount your home directory, or any other directory to save the credentials file
$ docker run --rm -it -v "${HOME}/:/app/" unfor19/githubsecrets secret-list -p unfor19 -r githubsecrets
... # Output below
Output
[
{
"base_url": "https://api.github.com/repos/unfor19/githubsecrets",
"body": {
"secrets": [
{
"created_at": "2020-04-11T00:01:12Z",
"name": "PIP_PASSWORD",
"updated_at": "2020-04-11T00:17:39Z"
},
{
"created_at": "2020-04-10T23:21:28Z",
"name": "PIP_USERNAME",
"updated_at": "2020-04-11T00:17:20Z"
},
{
"created_at": "2020-04-27T20:44:09Z",
"name": "testing",
"updated_at": "2020-04-27T20:45:43Z"
},
{
"created_at": "2020-04-27T20:22:37Z",
"name": "testrepos",
"updated_at": "2020-04-27T20:22:37Z"
},
{
"created_at": "2020-04-14T14:14:44Z",
"name": "TEST_GITHUB_TOKEN",
"updated_at": "2020-04-14T14:14:44Z"
}
],
"total_count": 5
},
"repository": "githubsecrets",
"status_code": 200
}
]
Mount your Temp directory, or any other directory to save the credentials file. Make sure you use /
and not \
$ docker run --rm -it -v c:/Temp:/app/ unfor19/githubsecrets secret-delete -p unfor19 -r githubsecrets -s testrepos
... # Output below
Output
[
{
"base_url": "https://api.github.com/repos/unfor19/githubsecrets",
"repository": "githubsecrets",
"secret_name": "testrepos",
"status_code": 204
}
]
Note: When using Docker, no need to add ghs
; supply only a command and its arguments
-
Initialize this application - Creates a credentials file at
~/.githubsecrets/credentials
$ ghs init
-
Generate a GitHub Personal-Access-Token with the following permissions:
- repo (all)
- admin:public_key > read:public_key
-
Save the token in a safe place; we'll use it in the next step
-
Create a profile, use the
-p
flag and supply a profile name$ ghs profile-apply -p willy_wonka ... SUCCESS: Applied the profile willy_wonka
You'll be prompted to insert:
- Github owner - which is your GitHub Organization or GitHub Account name (not email address)
- Personal access token - that you've created in the previous steps
-
Create a GitHub secret, use the
-r
flag and supply the repository's name. You can apply the same secret to multiple repositories at once, for example:-r "githubsecrets, aws-build-badges"
ghs secret-apply -p willy_wonka -r githubsecrets
You'll be prompted to insert:
- Secret name
- Secret value
-
Use it in your GitHub Actions Workflows
- Snippet
steps: - uses: actions/checkout@v2 - name: Set up Python uses: actions/setup-python@v1 with: python-version: "3.6" - name: Install dependencies run: | ... - name: Build and publish env: TWINE_USERNAME: ${{ secrets.PIP_USERNAME }} TWINE_PASSWORD: ${{ secrets.PIP_PASSWORD }} ... run: | ...
- I'm using secrets in this repository, check out this repository's workflows
- Snippet
- 200 - success
- 204 - success
- 404 - secret or repository not found
View all available commands with ghs --help
Usage: ghs [OPTIONS] COMMAND [ARGS]...
All commands can run without providing options, and then you'll be
prompted to insert values.
Secrets' values and Personal-Access-Tokens are hidden when prompted
Options:
-ci, --ci Use this flag to avoid deletion confirmation prompts
--help Show this message and exit.
Commands:
init Create a credentials file to store your profiles
profile-apply Create or modify multiple profiles providing a string...
profile-delete Delete multiple profiles providing a string delimited by...
profile-list List all profile - truncates personal access tokens
secret-apply Apply to multiple repositories providing a string...
secret-delete Delete secrets from multiple repositories providing a...
secret-get Get secrets from multiple repositories providing a string...
secret-list List secrets of multiple repositories providing a string...
This project uses the keyring package, in some versions of Ubuntu and Debian, you might need to install the following packages
$ sudo apt-get update && sudo apt-get install -y libdbus-glib-1-dev
$ pip install secretstorage dbus-python keyring
Report issues/questions/feature requests on the Issues section.
Pull requests are welcome! Ideally, create a feature branch and issue for every single change you make. These are the steps:
- Fork this repo
- Create your feature branch from master (
git checkout -b my-new-feature
) - Install from source
$ git clone https://github.com/${GITHUB_OWNER}/githubsecrets.git && cd githubsecrets ... $ pip install --upgrade pip ... $ python -m venv ./ENV $ . ./ENV/bin/activate ... $ (ENV) pip install --editable . ... # Done! Now when you run 'ghs' it will get automatically updated when you modify the code
- Add the code of your new feature
- Test - generate a Personal Access Token for testing
$ (ENV) bash scripts/test_functionality.sh -p PROFILE_NAME -o GITHUB_OWNER -t TEST_GITHUB_TOKEN -r GITHUB_REPOSITORY ... # All good? Move on to the next step
- Commit your remarkable changes (
git commit -am 'Added new feature'
) - Push to the branch (
git push --set-up-stream origin my-new-feature
) - Create a new Pull Request and tell us about your changes
Created and maintained by Meir Gabay
Design by facebook.com/KerenOrDesign
This project is licensed under the MIT License - see the LICENSE file for details