如何使用GitHub Actions提取秘密? [英] How can I extract secrets using GitHub Actions?

问题描述

我有一个相当基本的场景.为此，我制作了专用的ssh密钥并将其添加到我的存储库秘密中.

1. 代码被推送到 master

2. GitHub动作通过执行 echo"$ {{secrets.SSH_KEY}}">使用 ssh 将其上传到服务器.键.

3. 之后，我可以使用此密钥连接到我的服务器，例如 ssh -i key devops@myserver.com lsb_release -a

问题在于，由于某些原因，GitHub操作无法将其写入文件，而是将字符 *** 而不是实际的秘密值写入文件中.因此，显然我无法连接到服务器.

如何使用此密码与ssh连接?有没有不用文件就可以连接的方法吗?可以使用GitHub操作完成此常见方案的人可以阐明一些想法吗?

解决方案

好的解决方案是使用gpg加密密钥，将其添加到存储库中，并使用密码在服务器上解密.密码当然应该存储为github项目的机密.

更多有关我在这里的操作方式的信息: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets

I have a fairly basic scenario. I made a dedicated ssh key for this purpose and added it to my repository secrets.

1. Code gets pushed to master

2. GitHub action uploads it to server using ssh by doing echo "${{ secrets.SSH_KEY }}" > key.

3. After that I can use this key to connect to my server e.g. ssh -i key devops@myserver.com lsb_release -a

The problem is that for some reason GitHub actions cannot write it to file, it writes characters *** instead of the actual secret value into the file. Therefore obviously I cannot connect to my server.

How can I connect with ssh using this secret? Is there a way to connect without using a file? Can someone who did this common scenario using GitHub actions shed some light?

解决方案

The good solution is to use gpg for encrypting the key, adding it to a repo and decrypting it on the server using passphrase. The passprase should be stored as github project secret of course.

More info how I did it here: https://help.github.com/en/actions/automating-your-workflow-with-github-actions/creating-and-using-encrypted-secrets

这篇关于如何使用GitHub Actions提取秘密?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！