DEV Community

Cover image for How to encode and upload a file to GitHub secrets
Nicolas
Nicolas

Posted on • Edited on

How to encode and upload a file to GitHub secrets

Hey everyone, So you want to encode a file and upload it to Github secrets ?

The first thing you need is to encrypt and encode your file We are going to do this with GnuPG as it is a universal crypto engine which can be used directly from a command line prompt, from shell scripts, or from other programs.

Step One - Installing GnuPG if you don't have it already

The first step is to make sure GnuPG is installed in your machine by running the following command

gpg --version
Enter fullscreen mode Exit fullscreen mode

If GnuPG is already installed in your pc you should see an output similar to this :
gpg version details

I believe GnuPG is installed by default in linux and windows but if its not installed on your machine you can quickly visit GnuPG site and get the right binaries for your machine.

for Mac os users GnuPG is not installed by default. You will have to download the binaries, I prefer using homeBrew so if you have home brew run the following command to install it.

brew install gnupg
Enter fullscreen mode Exit fullscreen mode

This will install gnupg. You can quickly verify the installation by running.

gpg --version
Enter fullscreen mode Exit fullscreen mode

Step to 2 Encrypting and Encoding file

  • Open your terminal in a directory with the file you want to encode (It's not a must to open the terminal in the same directory I prefer this as the command will be short and sweet)

    • Run the following command
gpg -c --armor <YOUR_FILE_NAME>
Enter fullscreen mode Exit fullscreen mode

YOUR_FILE_NAME should the be fullName of the file you want to encrypt and encode

e.g

gpg -c --armor key.keystore
Enter fullscreen mode Exit fullscreen mode

This will prompt you to give create a password to encrypt your file, enter a password (Don't forgot it).

Password prompt

In the same directory where you ran this command a new file is generated the file name will be by default the full file name with a .asc extension

e.g key.keystore.asc

Step 3 Uploading to Github secrets

  • Open the .asc file that was created in the previous step, copy everything in the file using cmd + a on (mac) ctrl + a (windows).

  • Visit Github, your repository then go to settings

Github settings

  • On your bottom left menu Click on secrets -> actions

secrets actions

  • Create a new secret

Create a new secret

Give your secret a name then paste the encoded text we copied early in the secret area

creating a new secret

  • Do this for your encryption password as well.

Step 4 using the secret file

Thats it we done with uploading the file, but how do we decode and use the file ?

Thats easy, in your actions add the following step

- name: Setup keystore file
    run: |
    echo "${{ secrets.KEYSTORE_FILE }}" > key.keystore.asc
    gpg -d --passphrase "${{ secrets.KEY_STORE_GPG_PASSWORD }}" --batch key.keystore.asc > key.keystore
Enter fullscreen mode Exit fullscreen mode

decode file from Github secrets

This will write the file into the pipeline's filesystem and now you can access this file in your build.

Top comments (0)