devwithkrishna
diff --git a/‎.github/workflows/simple-az-check-secret.yaml‎
Lines changed: 14 additions & 14 deletions b/‎.github/workflows/simple-az-check-secret.yaml‎
Lines changed: 14 additions & 14 deletions
diff --git a/‎README.md‎
Lines changed: 18 additions & 0 deletions b/‎README.md‎
Lines changed: 18 additions & 0 deletions
diff --git a/‎create_repo_secrets.py‎
Lines changed: 47 additions & 44 deletions b/‎create_repo_secrets.py‎
Lines changed: 47 additions & 44 deletions
diff --git a/‎encrypt_using_libnacl.py‎
Lines changed: 34 additions & 29 deletions b/‎encrypt_using_libnacl.py‎
Lines changed: 34 additions & 29 deletions
@@ -1,25 +1,25 @@
 name: Azure Auth and az account show
 
 on:
-  push:
-  workflo_dispatch:
+  #  push:
+  workflow_dispatch:
 
 jobs:
   azure-auth:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Checkout repository
-      uses: actions/checkout@v2
+      - name: Checkout repository
+        uses: actions/checkout@v2
 
-    - name: Set up Azure CLI
-      uses: azure/CLI@v1
+      - name: Azure CLI script
+        uses: azure/cli@v2
+        with:
+          azcliversion: latest
+          inlineScript: |
+            az login --service-principal -u ${{ secrets.ARM_CLIENT_ID }} -p ${{ secrets.ARM_CLIENT_SECRET }} --tenant ${{ secrets.ARM_TENANT_ID }}
+            az account set --subscription ${{ secrets.ARM_SUBSCRIPTION_ID }}
+            az account show -o json
 
-    - name: Login via Azure CLI
-      run: |
-        az login --service-principal -u ${{ secrets.ARM_CLIENT_ID }} -p ${{ secrets.ARM_CLIENT_SECRET }} --tenant ${{ secrets.ARM_TENANT_ID }}
-        az account set --subscription ${{ secrets.ARM_SUBSCRIPTION_ID }}
-        az account show -o json
-
-    - name: Completed
-      run: echo 'completed'
+      - name: Completed
+        run: echo 'completed'
@@ -1,2 +1,20 @@
 # github-get-secrets-from-azure-kv-and-configure-as-repo-secrets
+
 Fetch Specific Secrets from Azure key vault and configure as repo secrets
+
+# Mandatory Environment variables
+
+The below are used for authentication and programatical usage
+
+```commandline
+AZURE_CLIENT_ID
+AZURE_TENANT_ID
+AZURE_CLIENT_ID
+```
+
+The below one is used to determine the owner of repo. This is a environment variable provided by GitHub.
+
+```commandline
+GITHUB_REPOSITORY_OWNER
+```
+
@@ -1,60 +1,63 @@
-import requests
 import os
 from datetime import datetime
+
 import pytz
+import requests
+
 
 def current_ist_time():
-    """code to return time in IST"""
-    # Get the current time in IST
-    ist = pytz.timezone('Asia/Kolkata')
-    ist_now = datetime.now(ist)
+	"""code to return time in IST"""
+	# Get the current time in IST
+	ist = pytz.timezone('Asia/Kolkata')
+	ist_now = datetime.now(ist)
 
-    # Format and print the current time in IST
-    ist_now_formatted = ist_now.strftime('%Y-%m-%d %H:%M:%S %Z%z')
-    return ist_now_formatted
+	# Format and print the current time in IST
+	ist_now_formatted = ist_now.strftime('%Y-%m-%d %H:%M:%S %Z%z')
+	return ist_now_formatted
 
 
 def create_or_update_repository_secret_github(repo_name: str, secret_name: str, secret_value: str, public_key_id: int):
-    """
-    Create or update org level secret in GitHub
-    Ref https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret
-
-    The token must have the following permission set: organization_secrets:write
-    """
-    encrypted_secret = secret_value
-    organization = os.getenv('GITHUB_REPOSITORY_OWNER')
-
-    if not encrypted_secret:
-        print("ENCRYPTED_SECRET environment variable is not set or is empty.")
-    # print(f'encrypted sec is: {encrypted_secret}')
-    ist_now_formatted = current_ist_time()
-    github_repo_secret_endpoint = f"https://api.github.com/repos/{organization}/{repo_name}/actions/secrets/{secret_name}"
-
-    headers = {
-        "Accept": "application/vnd.github+json",
-        "Authorization": f"Bearer {os.getenv('GH_TOKEN')}",
-        "X-GitHub-Api-Version": "2022-11-28"
-    }
-    data = {
-        "encrypted_value": encrypted_secret,
-        "visibility": "all",
-        "key_id": public_key_id
-    }
-    response = requests.put(github_repo_secret_endpoint, headers=headers, json=data)
-    if response.status_code == 201:
-        print(f"Secret {secret_name} created on {repo_name} at {ist_now_formatted} ")
-    else:
-        print(f"Secret {secret_name} updated on {repo_name} at {ist_now_formatted} ")
+	"""
+	Create or update org level secret in GitHub
+	Ref https://docs.github.com/en/rest/actions/secrets?apiVersion=2022-11-28#create-or-update-an-organization-secret
+
+	The token must have the following permission set: organization_secrets:write
+	"""
+	encrypted_secret = secret_value
+	organization = os.getenv('GITHUB_REPOSITORY_OWNER')
+
+	if not encrypted_secret:
+		print("ENCRYPTED_SECRET environment variable is not set or is empty.")
+	# print(f'encrypted sec is: {encrypted_secret}')
+	ist_now_formatted = current_ist_time()
+	github_repo_secret_endpoint = f"https://api.github.com/repos/{organization}/{repo_name}/actions/secrets/{secret_name}"
+
+	headers = {
+		"Accept": "application/vnd.github+json",
+		"Authorization": f"Bearer {os.getenv('GH_TOKEN')}",
+		"X-GitHub-Api-Version": "2022-11-28"
+	}
+	data = {
+		"encrypted_value": encrypted_secret,
+		"visibility": "all",
+		"key_id": public_key_id
+	}
+	response = requests.put(github_repo_secret_endpoint, headers=headers, json=data)
+	if response.status_code == 201:
+		print(f"Secret {secret_name} created on {repo_name} at {ist_now_formatted} ")
+	else:
+		print(f"Secret {secret_name} updated on {repo_name} at {ist_now_formatted} ")
 
 
 def main():
-    """To test the code"""
+	"""To test the code"""
+
+	organization = os.getenv('GITHUB_REPOSITORY_OWNER')
+	secret_name = os.getenv('secret_name')
 
-    organization = os.getenv('organization')
-    secret_name = os.getenv('secret_name')
+	# Function call
+	create_or_update_repository_secret_github(organization, secret_name)
 
-    # Function call
-    create_or_update_repository_secret_github(organization, secret_name)
 
 if __name__ == "__main__":
-    main()
+	main()
@@ -4,40 +4,45 @@
 # The function then encrypts the provided value using the public key and returns the result in a Base64-encoded format.
 # For example, calling encrypt("aSBhbSBrcmlzaG5hZGhhcwo=", "aSBhbSBrcmlzaG5hZGhhcwo=") demonstrates how to encrypt a sample Unicode string using a specified public key.
 # Ensure proper handling and security of public keys and secret values within your application.
-from get_repo_public_key import get_repository_public_key
+import os
 from base64 import b64encode
+
 from nacl import encoding, public
-import os
+
+from get_repo_public_key import get_repository_public_key
+
 
 def encrypt(public_key: str, secret_value: str) -> str:
-    """Encrypt a Unicode string using the public key."""
-    public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
-    sealed_box = public.SealedBox(public_key)
-    encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
-    return b64encode(encrypted).decode("utf-8")
+	"""Encrypt a Unicode string using the public key."""
+	public_key = public.PublicKey(public_key.encode("utf-8"), encoding.Base64Encoder())
+	sealed_box = public.SealedBox(public_key)
+	encrypted = sealed_box.encrypt(secret_value.encode("utf-8"))
+	return b64encode(encrypted).decode("utf-8")
+
 
 def main():
-    organization = os.getenv('organization')
-    repository_name = os.getenv('repository_name')
-    repo_public_key = get_repository_public_key(organization=organization, repository_name=repository_name)
-    # repo_public_key = os.environ.get("REPOSITORY_PUBLIC_KEY")
-    # secret_value = os.environ.get("SECRET_VALUE")
-    # public_key = "<public key here for local testing>"
-    secret_value = "Krishnadhas"
-
-    if not (repo_public_key and secret_value):
-        print("Please set REPOSITORY_PUBLIC_KEY and SECRET_VALUE environment variables.")
-        exit(1)
-
-    try:
-        encrypted_secret = encrypt(repo_public_key, secret_value)
-        os.system(f'echo "ENCRYPTED_SECRET={encrypted_secret}" >> $GITHUB_ENV')
-        print(f"Encrypted Secret: {encrypted_secret}")
-        print(f"Encrypted secret added as a environment variable")
-        return encrypted_secret
-    except Exception as e:
-        print(f"Error encrypting secret: {e}")
-        exit(1)
+	organization = os.getenv('organization')
+	repository_name = os.getenv('repository_name')
+	repo_public_key = get_repository_public_key(organization=organization, repository_name=repository_name)
+	# repo_public_key = os.environ.get("REPOSITORY_PUBLIC_KEY")
+	# secret_value = os.environ.get("SECRET_VALUE")
+	# public_key = "<public key here for local testing>"
+	secret_value = "Krishnadhas"
+
+	if not (repo_public_key and secret_value):
+		print("Please set REPOSITORY_PUBLIC_KEY and SECRET_VALUE environment variables.")
+		exit(1)
+
+	try:
+		encrypted_secret = encrypt(repo_public_key, secret_value)
+		os.system(f'echo "ENCRYPTED_SECRET={encrypted_secret}" >> $GITHUB_ENV')
+		print(f"Encrypted Secret: {encrypted_secret}")
+		print(f"Encrypted secret added as a environment variable")
+		return encrypted_secret
+	except Exception as e:
+		print(f"Error encrypting secret: {e}")
+		exit(1)
+
 
 if __name__ == "__main__":
-    main()
+	main()