
How to access the value of SECRETS in GitHub Actions?

I'm trying to access the value of SECRETs sent to a GitHub Action, but I'm struggling. The values are returned as [FILTERED] every time, no matter what the key or the original value is.

I can access ENVIRONMENT VARIABLES without a problem, so I must be screwing up somewhere else.

Essentially, what I'm trying to do is send an ssh key to my action/container, but I get the same issue when sending any other key/value as a secret.

My (simplified) GitHub Action is as follows:

action "Test" {
  uses = "./.github/actions/test"
  secrets = [
    "SSH_PRIVATE_KEY",
    "SSH_PUBLIC_KEY",
  ]
  env = {
    SSH_PUBLIC_KEY_TEST = "thisisatestpublickey"
  }
}

Dockerfile:

FROM ubuntu:latest

# Args
ARG SSH_PRIVATE_KEY
ARG SSH_PUBLIC_KEY
ARG SSH_PUBLIC_KEY_TEST

# Copy entrypoint
ADD entrypoint.sh /entrypoint.sh
RUN chmod +x /entrypoint.sh
ENTRYPOINT ["/entrypoint.sh"]

entrypoint.sh:

#! /bin/sh

SSH_PATH="$HOME/.ssh"

mkdir "$SSH_PATH"
touch "$SSH_PATH/known_hosts"

echo "$SSH_PRIVATE_KEY" > "$SSH_PATH/id_rsa"
echo "$SSH_PUBLIC_KEY" > "$SSH_PATH/id_rsa.pub"
echo "$SSH_PUBLIC_KEY_TEST" > "$SSH_PATH/id_rsa_test.pub" 

cat "$SSH_PATH/id_rsa"
cat "$SSH_PATH/id_rsa.pub"
cat "$SSH_PATH/id_rsa_test.pub"

The output of those three cat commands is:

[FILTERED]
[FILTERED]
thisisatestpublickey

As you can see, I can get (and use) the value of the environment variables, but the secrets aren't being exposed.

Anyone got any clues?

Just to update this, I've also simply tried echoing out both the secrets without quotes in entrypoint.sh:

echo $SSH_PRIVATE_KEY
echo $SSH_PUBLIC_KEY

...and in the log, I see the full decrypted content of $SSH_PRIVATE_KEY (i.e., the actual contents of my ssh key) while $SSH_PUBLIC_KEY still returns [FILTERED].

So, I can assume that we are able to see the contents of secrets inside of an action, but I don't know why I can see just one of them, while the other returns [FILTERED].

Is it a caching thing, maybe?

I'm just trying to figure out a predictable way to work with this.

> As you can see, I can get (and use) the value of the environment variables, but the secrets aren't being exposed.

That's because they're secrets. The Actions output is explicitly scrubbed for secrets, and they're not displayed.

The file contents still contain the secret contents.
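
Since the log is scrubbed but the file holds the real value, the key can be checked without printing it. The following is an added example, not part of the original question or answer; the function names `install_key`, `describe_file` and `file_matches` are hypothetical, and the paths in the closing comment assume the layout of the question's entrypoint.sh.

```shell
#!/bin/sh
# Added example: write a secret from the environment to a key file and
# confirm it arrived intact without ever sending its contents to the log.

# install_key VALUE DEST: write VALUE to DEST, readable by the owner only.
install_key() {
    value=$1
    dest=$2
    if [ -z "$value" ]; then
        echo "error: no value supplied for $dest" >&2
        return 1
    fi
    dir=$(dirname "$dest")
    mkdir -p "$dir" || return 1
    chmod 700 "$dir" || return 1
    # Set the umask in a subshell so the file is created as 0600 and is
    # never group- or world-readable, even briefly.
    ( umask 077 && printf '%s\n' "$value" > "$dest" ) || return 1
}

# describe_file PATH: print only non-secret facts (mode, size, line count).
# A private key that shows up as a single line lost its newlines on the way.
describe_file() {
    mode=$(ls -ld "$1" | cut -c1-10)
    bytes=$(( $(wc -c < "$1") ))
    lines=$(( $(wc -l < "$1") ))
    echo "mode=$mode bytes=$bytes lines=$lines"
}

# file_matches VALUE PATH: succeed if the file holds exactly VALUE plus the
# trailing newline install_key adds. Compares silently; prints nothing.
file_matches() {
    printf '%s\n' "$1" | cmp -s - "$2"
}

# In entrypoint.sh (paths assumed from the question):
#   install_key "$SSH_PRIVATE_KEY" "$HOME/.ssh/id_rsa" || exit 1
#   describe_file "$HOME/.ssh/id_rsa"
#   file_matches "$SSH_PRIVATE_KEY" "$HOME/.ssh/id_rsa" || exit 1
```

The `describe_file` line is safe to leave in the build log, unlike the `cat` and `echo` calls in the question.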
