-
-
Save Ravlissimo/78c8212c0220671af7f324c30ecf6ced to your computer and use it in GitHub Desktop.
Decode/Dump Drone CI secrets from database
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
package main | |
import ( | |
"bufio" | |
"os" | |
"crypto/aes" | |
"crypto/cipher" | |
"encoding/hex" | |
"errors" | |
"fmt" | |
) | |
func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) { | |
block, err := aes.NewCipher(key) | |
if err != nil { | |
return nil, err | |
} | |
gcm, err := cipher.NewGCM(block) | |
if err != nil { | |
return nil, err | |
} | |
if len(ciphertext) < gcm.NonceSize() { | |
return nil, errors.New("malformed ciphertext") | |
} | |
return gcm.Open(nil, | |
ciphertext[:gcm.NonceSize()], | |
ciphertext[gcm.NonceSize():], | |
nil, | |
) | |
} | |
func main() { | |
reader := bufio.NewReader(os.Stdin) | |
fmt.Print("Enter DRONE_DATABASE_SECRET: ") | |
k, err := reader.ReadString('\n') | |
if err != nil { | |
fmt.Println("failed to read key from stdin", err) | |
return | |
} | |
k = k[:len(k)-1] | |
fmt.Print("Enter your ciphertext dumped from PSQL as hex `select encode(secret_data, 'hex') from secrets where secret_name = xxx`: ") | |
ciph, err := reader.ReadString('\n') | |
if err != nil { | |
fmt.Println("failed to read cipher from stdin", err) | |
return | |
} | |
ciphb, err := hex.DecodeString(ciph[:len(ciph)-1]) | |
if err != nil { | |
fmt.Println("cipher hex to bytes failed") | |
return | |
} | |
p, err := decrypt(ciphb, []byte(k)) | |
if err != nil { | |
fmt.Println("decryption failed",err) | |
return | |
} | |
fmt.Println(string(p)) | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment