Created
November 3, 2022 13:21
-
-
Save jdheywood/addff2e5c98d12f3353387578ff89f30 to your computer and use it in GitHub Desktop.
(re)Discover GitHub action secret values
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Thanks to https://stackoverflow.com/users/413924/dannyb | |
| # And this SO post: https://stackoverflow.com/questions/63003669/how-can-i-see-my-git-secrets-unencrypted#:~:text=In%20order%20to%20see%20your,and%20view%20your%20secrets%20file. | |
| name: Show me teh secretz | |
| on: [push] | |
| jobs: | |
| debug: | |
| name: Debug | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out code | |
| uses: actions/checkout@v2 | |
| - name: Set up secret file | |
| env: | |
| MY_SECRET: ${{ secrets.MY_SECRET }} | |
| ANOTHER_ONE: ${{ secrets.ANOTHER_ONE }} | |
| run: | | |
| echo 'Show me plz' | |
| echo $MY_SECRET >> secrets.txt | |
| echo $ANOTHER_ONE >> secrets.txt | |
| - name: Run tmate | |
| uses: mxschmitt/action-tmate@v2 |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Say for example you inherited a repo with CI/CD setup relying on secret values and you need to port/adapt or otherwise discover one or more of these secret values.
Add this to main, push, watch it run, SSH into the address it spits out, cat the secrets.txt file, et voila