Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

encrypted_value does not become same as plaintext_value #2

Open
Fran-Rg opened this issue Jul 29, 2022 · 1 comment
Open

encrypted_value does not become same as plaintext_value #2

Fran-Rg opened this issue Jul 29, 2022 · 1 comment

Comments

@Fran-Rg
Copy link

Fran-Rg commented Jul 29, 2022

I've been following the comment you posted:
integrations/terraform-provider-github#888 (comment)

Here's my tf:

data "github_actions_public_key" "gh_actions_public_key" {
  for_each   = { for r_name, r_value in var.repositories : r_name => r_value if lookup(r_value, "set_secrets", false) }
  repository = each.key
}

data "sodium_encrypted_item" "encrypted_github_app_private_key" {
  for_each          = data.github_actions_public_key.gh_actions_public_key
  public_key_base64 = each.value.key
  content_base64    = base64encode(data.vault_generic_secret.github_app.data["app_pem"])
}

resource "github_actions_secret" "gh_actions_secret_app_private_key" {
  for_each        = data.github_actions_public_key.gh_actions_public_key
  repository      = each.key
  secret_name     = "GIT_APP_PRIVATE_KEY"
  encrypted_value = data.sodium_encrypted_item.encrypted_github_app_id[each.key].encrypted_value_base64
  # plaintext_value = data.vault_generic_secret.github_app.data["app_pem"]
}

I'm trying to write a private key in an encrypted way but it only works if I pass it as plaintext_value.

Since I can't print out the content of the GH secret created, I'm not sure how to evaluate what has been received by Github.

Could you confirm that the above works on multiline string? I'm thinking there might be an issue there since when checking the value of the encrypted value in the state file, it was a very short line (not the length of a private key)

@Fran-Rg
Copy link
Author

Fran-Rg commented Jul 29, 2022

I can confirm that the issue doesn't happen on non multiline values

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant