如何在Github Actions中访问SECRETS的值?
[英]How to access the value of SECRETS in Github Actions?
问题描述
I'm trying to access the value of SECRET s sent to a GitHub Action, but I'm struggling. 
我正在尝试访问发送到GitHub Action的SECRET的值,但是我很挣扎。 The values are returned as [FILTERED] every time, no matter what the key or the original value is. 无论键或原始值是什么,每次都将这些值作为[FILTERED]返回。
I can access ENVIRONMENT VARIABLES without a problem, so I must be screwing up somewhere else. 我可以毫无问题地访问ENVIRONMENT VARIABLES ,因此我必须在其他地方搞砸。
Essentially, what I'm trying to do is send an ssh key to my action/container, but I get the same issue when sending any other key/value as a secret. 本质上,我想做的是将ssh密钥发送到我的操作/容器,但是在发送其他任何密钥/值作为秘密时,我也会遇到相同的问题。
My (simplified) GitHub Action is as follows: 我的(简化的)GitHub动作如下:
action "Test" {
uses = "./.github/actions/test"
secrets = [
"SSH_PRIVATE_KEY",
"SSH_PUBLIC_KEY",
]
env = {
SSH_PUBLIC_KEY_TEST = "thisisatestpublickey"
}
}
Dockerfile: Dockerfile:
FROM ubuntu:latest
# Args
ARG SSH_PRIVATE_KEY
ARG SSH_PUBLIC_KEY
ARG SSH_PUBLIC_KEY_TEST
# Copy entrypoint
ADD entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]
entrypoint.sh: entrypoint.sh:
#! /bin/sh
SSH_PATH="$HOME/.ssh"
mkdir "$SSH_PATH"
touch "$SSH_PATH/known_hosts"
echo "$SSH_PRIVATE_KEY" > "$SSH_PATH/id_rsa"
echo "$SSH_PUBLIC_KEY" > "$SSH_PATH/id_rsa.pub"
echo "$SSH_PUBLIC_KEY_TEST" > "$SSH_PATH/id_rsa_test.pub"
cat "$SSH_PATH/id_rsa"
cat "$SSH_PATH/id_rsa.pub"
cat "$SSH_PATH/id_rsa_test.pub"
The output of those three cat commands is: 这三个cat命令的输出为:
[FILTERED]
[FILTERED]
thisisatestpublickey
As you can see, I can get (and use) the value of the environment variables, but the secrets aren't being exposed. 如您所见,我可以获取(并使用)环境变量的值,但是秘密没有被公开。
Anyone got any clues? 有人知道吗?
Just to update this, I've also simply tried echoing out both the secrets without quotes in entrypoint.sh: 为了更新这一点,我还尝试了回显entrypoint.sh中两个不带引号的秘密:
echo $SSH_PRIVATE_KEY
echo $SSH_PUBLIC_KEY
...and in the log, I see the full decrypted content of $SSH_PRIVATE_KEY (ie, the actual contents of my ssh key) while $SSH_PUBLIC_KEY still returns [FILTERED] . ...并且在日志中,我看到$SSH_PRIVATE_KEY的完整解密内容(即我的ssh密钥的实际内容),而$SSH_PUBLIC_KEY仍然返回[FILTERED] 。
So, I can assume that we are able to see the contents of secrets inside of an action, but I don't know why I can see just one of them, while the other returns [FILTERED] . 因此,我可以假定我们能够在一个动作中看到秘密的内容,但是我不知道为什么我只能看到其中一个,而另一个返回[FILTERED] 。
Is it a caching thing, maybe? 可能是缓存的东西吗?
I'm just trying to figure out a predictable way to work with this. 我只是想找出一种可预测的方式来处理此问题。
1 个解决方案
解决方案1
2 2019-02-03 17:46:18
As you can see, I can get (and use) the value of the environment variables, but the secrets aren't being exposed.
That's because they're secrets. 那是因为它们是秘密。 The Actions output is explicitly scrubbed for secrets, and they're not displayed. 显式清除了“动作”输出中的秘密,并且不显示它们。
The file contents still contain the secret contents. 文件内容仍包含机密内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.