Skip to content

Instantly share code, notes, and snippets.

@petzku
Last active October 4, 2019 10:16
Show Gist options
  • Save petzku/d897635d3413f837475d16c35edd8f49 to your computer and use it in GitHub Desktop.
Save petzku/d897635d3413f837475d16c35edd8f49 to your computer and use it in GitHub Desktop.
script to replace secrets into config files
#!/usr/bin/env python3
""" replace secrets with base64-encoded env-vars
Specifically, replace any instance of ${{ secrets.XXXX }} with the Base64 encoded value of $XXXX.
Usage:
`python secrets.py <input file> [output file]`
if output file is unspecified, outputs to stdout.
"""
import os
import re
import base64
import sys
INFILE = sys.argv[1]
with open(INFILE, 'r') as fo:
contents = fo.read()
def base64_env_repl(m):
return base64.b64encode(os.environ[m.group(1)].encode("utf-8")).decode("utf-8")
result = re.sub(r"\$\{\{ secrets.(\w+) \}\}", base64_env_repl, contents)
if len(sys.argv) > 2:
OUTFILE = sys.argv[2]
with open(OUTFILE, 'w') as fo:
fo.write(result)
else:
print(result)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment