如何使用GitHub Actions提取秘密? [英] How can I extract secrets using GitHub Actions?
问题描述
我有一个相当基本的场景.为此,我制作了专用的ssh密钥并将其添加到我的存储库秘密中.
-
代码被推送到
master
-
GitHub动作通过执行
echo"$ {{secrets.SSH_KEY}}">使用
.ssh
将其上传到服务器.键 -
之后,我可以使用此密钥连接到我的服务器,例如
ssh -i key devops@myserver.com lsb_release -a
问题在于,由于某些原因,GitHub操作无法将其写入文件,而是将字符 ***
而不是实际的秘密值写入文件中.因此,显然我无法连接到服务器.
如何使用此密码与ssh连接?有没有不用文件就可以连接的方法吗?可以使用GitHub操作完成此常见方案的人可以阐明一些想法吗?
好的解决方案是使用gpg加密密钥,将其添加到存储库中,并使用密码在服务器上解密.密码当然应该存储为github项目的机密.
更多有关我在这里的操作方式的信息: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets >
I have a fairly basic scenario. I made a dedicated ssh key for this purpose and added it to my repository secrets.
Code gets pushed to
master
GitHub action uploads it to server using
ssh
by doingecho "${{ secrets.SSH_KEY }}" > key
.After that I can use this key to connect to my server e.g.
ssh -i key devops@myserver.com lsb_release -a
The problem is that for some reason GitHub actions cannot write it to file, it writes characters ***
instead of the actual secret value into the file. Therefore obviously I cannot connect to my server.
How can I connect with ssh using this secret? Is there a way to connect without using a file? Can someone who did this common scenario using GitHub actions shed some light?
The good solution is to use gpg for encrypting the key, adding it to a repo and decrypting it on the server using passphrase. The passprase should be stored as github project secret of course.
More info how I did it here: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets
这篇关于如何使用GitHub Actions提取秘密?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!