Skip to content

Instantly share code, notes, and snippets.

@superboum
Created February 25, 2022 08:35
Show Gist options
  • Save superboum/af1cf7c8bef8bfa9bf10a06e09f1b50a to your computer and use it in GitHub Desktop.
Save superboum/af1cf7c8bef8bfa9bf10a06e09f1b50a to your computer and use it in GitHub Desktop.
Decode/Dump Drone CI secrets from database
package main
import (
"bufio"
"os"
"crypto/aes"
"crypto/cipher"
"encoding/hex"
"errors"
"fmt"
)
func decrypt(ciphertext []byte, key []byte) (plaintext []byte, err error) {
block, err := aes.NewCipher(key)
if err != nil {
return nil, err
}
gcm, err := cipher.NewGCM(block)
if err != nil {
return nil, err
}
if len(ciphertext) < gcm.NonceSize() {
return nil, errors.New("malformed ciphertext")
}
return gcm.Open(nil,
ciphertext[:gcm.NonceSize()],
ciphertext[gcm.NonceSize():],
nil,
)
}
func main() {
reader := bufio.NewReader(os.Stdin)
fmt.Print("Enter DRONE_DATABASE_SECRET: ")
k, err := reader.ReadString('\n')
if err != nil {
fmt.Println("failed to read key from stdin", err)
return
}
k = k[:len(k)-1]
fmt.Print("Enter your ciphertext dumped from PSQL as hex `select encode(secret_data, 'hex') from secrets where secret_name = xxx`: ")
ciph, err := reader.ReadString('\n')
if err != nil {
fmt.Println("failed to read cipher from stdin", err)
return
}
ciphb, err := hex.DecodeString(ciph[:len(ciph)-1])
if err != nil {
fmt.Println("cipher hex to bytes failed")
return
}
p, err := decrypt(ciphb, []byte(k))
if err != nil {
fmt.Println("decryption failed",err)
return
}
fmt.Println(string(p))
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment