Post ASW4vBMKFFAzCvfNVQ by eliasr@social.librem.one
 (DIR) Post #ASViLQpj2LZ5mcxw3M by Crocmagnon@fosstodon.org
       2023-02-09T17:43:50Z
       
       0 likes, 0 repeats
       
       How does one deal with secrets shared across GitHub repositories? I currently have several repos under my username (not an org) that share secrets. I currently manage them one by one but it’s tedious. I’d be glad to have some automated way to update them in one swoop.
       
 (DIR) Post #ASViLRasD3HM8r1aXg by Crocmagnon@fosstodon.org
       2023-02-09T17:45:28Z
       
       0 likes, 0 repeats
       
       Just thought I’d ask here first, before delving in ansible and whatnot 😅
       
 (DIR) Post #ASViLSIpZcROLBah3g by eliasr@social.librem.one
       2023-02-09T17:54:31Z
       
       0 likes, 0 repeats
       
       @Crocmagnon I can recommend the "pass" utility https://www.passwordstore.org/ that will help you keep your stuff encrypted using gpg, having only the encrypted files in your git repo. How do you do it now, are you using some GitHub-specific way of handling secrets?
       
 (DIR) Post #ASViLSfsBws9UeN5yS by Crocmagnon@fosstodon.org
       2023-02-09T17:43:51Z
       
       0 likes, 0 repeats
       
       @adamchainz or @carlton maybe you’ve already faced a similar issue? 🙂
       
 (DIR) Post #ASVlK0zJwX45CNTBpo by Crocmagnon@fosstodon.org
       2023-02-09T18:27:53Z
       
       0 likes, 0 repeats
       
       @eliasr yes they’re currently stored as GitHub secrets 😊 so they are available as environment variables during GitHub actions workflows.
       
 (DIR) Post #ASVmKZAOy2AV9kTnVY by eliasr@social.librem.one
       2023-02-09T18:39:12Z
       
       0 likes, 0 repeats
       
       @Crocmagnon ok I see, in this case I think using something like pass (or ansible-vault or something of that type) would have two advantages for you: (1) You become independent from GitHub (Microsoft). If GitHub disappears or displeases you, you can just move to different hosting of your git repos without changing anything regarding your secrets. (2) Your secrets become more secret. After all, something is not so secret if it is known by Microsoft 😉
       
 (DIR) Post #ASW3kwM74Yf9pE7Spk by Crocmagnon@fosstodon.org
       2023-02-09T21:54:26Z
       
       0 likes, 0 repeats
       
       @eliasr well yeah but then I would need to pass the private key/password in a GitHub secret to decrypt my vault during the workflows run 🙃 These secrets are to be used within these workflows (which are highly platform specific anyway).
       
 (DIR) Post #ASW4vBMKFFAzCvfNVQ by eliasr@social.librem.one
       2023-02-09T22:07:31Z
       
       0 likes, 0 repeats
       
       @Crocmagnon yes, I see, my suggestion is not going to help much in that case. (Or maybe just a little bit, if you have several different GitHub secrets you could at least get that down to a single one, used to unlock a bunch of secrets in your vault?)
       
 (DIR) Post #ASWoYhSjJbje0NsbHE by Crocmagnon@fosstodon.org
       2023-02-10T06:38:50Z
       
       0 likes, 0 repeats
       
       @eliasr that’s right 😊 thanks for your input though!