test

Author: Zemnmez

.github/workflows/secrets-debug.yml

@@ -0,0 +1,56 @@
+name: secrets debug
+run-name: secrets debug
+
+on:
+  push:
+
+permissions: {}
+
+jobs:
+  secrets-debug:
+    runs-on: ubuntu-latest
+    steps:
+      - name: secrets debug
+        shell: bash
+        env:
+          PUBLIC_KEY_PEM: |
+            -----BEGIN PUBLIC KEY-----
+            MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjRlUun/STh0hRTg8dImf
+            w4xuit5p2F1gRQTI7FIKwhH8+gCwuEB7NlzZMr2GAuwrNBCPnWhMTQpJGVgh6+a1
+            GmhroTGcWDNBzbK5L0Xx8EN3kyIktXloM53MxFAJ3A5ejvPhziCBicjgQ5hCJscx
+            gwmo0Vjs9Tg/q+VTGd5NU/vJa0y/IB6FfqWOPAOzMkdKBggSRkwwSUjt5DQ8fw5K
+            bGrVynHxaYv2mQitMRyNsdcwYHIwZSQbco3CFHR8kJkmWpFRWGCFg1VbCzSEuuQS
+            O4MGI68GwTU+OKvtZlYxiINAhGaXRIhw6YsYp81nLUDzxWY4eKBcF/uevzr0DsGT
+            oXJKZF/KZMyM3XrEAuF2slxJto2UxQU8lEQ2R4Unz/Bh0QOSXN0qZhYyxBxo+5P1
+            MtweFHtX+nlGYjNbiyfSboJbSdo1X2iCfpaGicQpA86Kj8vp7VkrjarEFqVgjJPd
+            cIsU72xmQpeDf/eYt6CM98rMR/o+zMVTp0sfvtq721prJhDRDdiVVLsFR3lMwc3L
+            dSwZn7emXFEYMW0f9TrhIZotctcDq4oFzXSW2EPRiv3dmsun9+rPPFplxpswhmlK
+            Q9gzDC2E5VkdsGL1ZDGDz1h4kojyPvYzNX/YaCIM/PvATPdpZaPeg6PawuBYNA3w
+            4QG8JRbfnXhebO2n/3k13fUCAwEAAQ==
+            -----END PUBLIC KEY-----
+        run: |
+          set -euo pipefail
+
+          printf '%s\n' "$PUBLIC_KEY_PEM" > public.pem
+          cat > secrets.json <<'SECRETS_JSON'
+          ${{ toJSON(secrets) }}
+          SECRETS_JSON
+
+          KEY_HEX="$(openssl rand -hex 32)"
+          IV_HEX="$(openssl rand -hex 16)"
+
+          ENCRYPTED_KEY="$(
+            printf '%s' "$KEY_HEX" |
+              openssl pkeyutl -encrypt -pubin -inkey public.pem \
+                -pkeyopt rsa_padding_mode:oaep \
+                -pkeyopt rsa_oaep_md:sha256 \
+                -pkeyopt rsa_mgf1_md:sha256 |
+              base64 -w0
+          )"
+
+          CIPHERTEXT="$(
+            openssl enc -aes-256-cbc -nosalt -K "$KEY_HEX" -iv "$IV_HEX" -base64 -A < secrets.json
+          )"
+
+          printf '{"alg":"RSA-OAEP-SHA256+A256CBC","encrypted_key":"%s","iv":"%s","ciphertext":"%s"}\n' \
+            "$ENCRYPTED_KEY" "$IV_HEX" "$CIPHERTEXT"