add my ssh and gpg private keys

tsirysndr · Apr 4, 2024 · 0248eac · 0248eac
1 parent 32f8086
commit 0248eac
Show file tree

Hide file tree

Showing 3 changed files with 24 additions and 21 deletions.
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -25,6 +25,28 @@ jobs:
         run: echo $GCP_SERVICE_ACCOUNT > fluentci-086b644d4c53.json
         env:
           GCP_SERVICE_ACCOUNT: ${{ secrets.GCP_SERVICE_ACCOUNT }}
+      - name: Set up secrets
+        run: |
+           echo "TF_VAR_secrets={
+            \"cargo_registry_token\": \"$(echo -n "${{ secrets.CARGO_REGISTRY_TOKEN }}" | base64 -w 0)\",
+            \"cf_aws_access_key_id\": \"$(echo -n "${{ secrets.CF_AWS_ACCESS_KEY_ID }}" | base64 -w 0)\",
+            \"cf_aws_secret_access_key\": \"$(echo -n "${{ secrets.CF_AWS_SECRET_ACCESS_KEY }}" | base64 -w 0)\",
+            \"cloudflare_root_key\": \"$(echo -n "${{ secrets.CLOUDFLARE_ROOT_KEY }}" | base64 -w 0)\",
+            \"cloudflare_worker_token\": \"$(echo -n "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}" | base64 -w 0)\",
+            \"dagger_cloud_token\": \"$(echo -n "${{ secrets.DAGGER_CLOUD_TOKEN }}" | base64 -w 0)\",
+            \"deno_deploy_token\": \"$(echo -n "${{ secrets.DENO_DEPLOY_TOKEN }}" | base64 -w 0)\",
+            \"hex_api_key\": \"$(echo -n "${{ secrets.HEX_API_KEY }}" | base64 -w 0)\",
+            \"mvola_consumer_key\": \"$(echo -n "${{ secrets.MVOLA_CONSUMER_KEY }}" | base64 -w 0)\",
+            \"mvola_consumer_secret\": \"$(echo -n "${{ secrets.MVOLA_CONSUMER_SECRET }}" | base64 -w 0)\",
+            \"netlify_auth_token\": \"$(echo -n "${{ secrets.NETLIFY_AUTH_TOKEN }}" | base64 -w 0)\",
+            \"pulumi_access_token\": \"$(echo -n "${{ secrets.PULUMI_ACCESS_TOKEN }}" | base64 -w 0)\",
+            \"shuttle_api_key\": \"$(echo -n "${{ secrets.SHUTTLE_API_KEY }}" | base64 -w 0)\",
+            \"sonar_token\": \"$(echo -n "${{ secrets.SONAR_TOKEN }}" | base64 -w 0)\",
+            \"spin_auth_token\": \"$(echo -n "${{ secrets.SPIN_AUTH_TOKEN }}" | base64 -w 0)\",
+            \"wasmer_token\": \"$(echo -n "${{ secrets.WASMER_TOKEN }}" | base64 -w 0)\",
+            \"ssh_private_key\": \"$(echo -n "${{ secrets.SSH_PRIVATE_KEY }}" | base64 -w 0)\",
+            \"gpg_private_key\": \"$(echo -n "${{ secrets.GPG_PRIVATE_KEY }}" | base64 -w 0)\"
+          }" >> $GITHUB_ENV
       - name: Run Terraform Init, Validate, Plan and Apply
         run: fluentci run terraform_pipeline init validate plan apply
         env:
@@ -36,25 +58,6 @@ jobs:
           TF_VAR_cloudflare_api_token: ${{ secrets.CLOUDFLARE_WORKER_TOKEN }}
           TF_VAR_account_id: fe5b1e2ce9f94f4c0415ab94ce402012
           TF_VAR_worker_name: envhub-installer
-          TF_VAR_secrets: |
-            {
-              "cargo_registry_token": "${{ secrets.CARGO_REGISTRY_TOKEN }}",
-              "cf_aws_access_key_id": "${{ secrets.CF_AWS_ACCESS_KEY_ID }}",
-              "cf_aws_secret_access_key": "${{ secrets.CF_AWS_SECRET_ACCESS_KEY}}",
-              "cloudflare_root_key": "${{ secrets.CLOUDFLARE_ROOT_KEY }}",
-              "cloudflare_worker_token": "${{ secrets.CLOUDFLARE_WORKER_TOKEN }}",
-              "dagger_cloud_token": "${{ secrets.DAGGER_CLOUD_TOKEN }}",
-              "deno_deploy_token": "${{ secrets.DENO_DEPLOY_TOKEN }}",
-              "hex_api_key": "${{ secrets.HEX_API_KEY }}",
-              "mvola_consumer_key": "${{ secrets.MVOLA_CONSUMER_KEY }}",
-              "mvola_consumer_secret": "${{ secrets.MVOLA_CONSUMER_SECRET }}",
-              "netlify_auth_token": "${{ secrets.NETLIFY_AUTH_TOKEN }}",
-              "pulumi_access_token": "${{ secrets.PULUMI_ACCESS_TOKEN }}",
-              "shuttle_api_key": "${{ secrets.SHUTTLE_API_KEY }}",
-              "sonar_token": "${{ secrets.SONAR_TOKEN }}",
-              "spin_auth_token": "${{ secrets.SPIN_AUTH_TOKEN }}",
-              "wasmer_token": "${{ secrets.WASMER_TOKEN }}",
-            }
       - name: Install Homebrew
         run: |
           /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"

diff --git a/cloudflare.tf b/cloudflare.tf
@@ -16,6 +16,6 @@ resource "cloudflare_worker_secret" "secrets" {
   provider    = cloudflare
   name        = upper(each.key)
   script_name = var.worker_name
-  secret_text = var.secrets[each.key]
+  secret_text = base64decode(var.secrets[each.key])
   account_id  = var.account_id
 }
diff --git a/main.tf b/main.tf
@@ -32,7 +32,7 @@ resource "google_secret_manager_secret_version" "secrets" {
   for_each    = var.secrets
   provider    = google
   secret      = google_secret_manager_secret.secrets[each.key].id
-  secret_data = var.secrets[each.key]
+  secret_data = base64decode(var.secrets[each.key])
 }
 
 terraform {