From c7fe1ba0f88d463d95dc5e6a5aa1ac767e8aeb58 Mon Sep 17 00:00:00 2001
From: Cheran
Date: Tue, 24 Sep 2024 19:13:19 +0530
Subject: [PATCH 1/4] Download from s3 to decrypt
---
 .circleci/config.yml | 25 ++++++++++++++++++-------
 1 file changed, 18 insertions(+), 7 deletions(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 9fd9965..784fe35 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -122,15 +122,26 @@ jobs:
 name: Decode secrets and environment variables
 command: |
 if [ -n "<< pipeline.parameters.SECRETS >>" ]; then
- echo "Decoding secrets..."
- DECRYPTED_JSON=$(node ~/project/decrypt.js '<< pipeline.parameters.SECRETS >>')
- if [[ $DECRYPTED_JSON == {* ]]; then
- echo "$DECRYPTED_JSON" | jq -r 'to_entries | map("export \(.key)=\(.value|@sh)") | .[]' > ~/project/decrypted_secrets.txt
- else
- echo "export DECRYPTED_SECRET=$DECRYPTED_JSON" > ~/project/decrypted_secrets.txt
- fi
+ echo "Downloading and decoding secrets..."
+
+ # Configure AWS CLI
+ aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
+ aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
+ aws configure set default.region $AWS_REGION
+
+ # Download secrets file from S3
+ SECRETS_URL="<< pipeline.parameters.SECRETS >>"
+ aws s3 cp "$SECRETS_URL" ~/project/encrypted_secrets.json
+
+ # Decrypt the secrets
+ DECRYPTED_JSON=$(node ~/project/decrypt.js "$(cat ~/project/encrypted_secrets.json)")
+
+ echo "$DECRYPTED_JSON" | jq -r 'to_entries | map("export \(.key)=\(.value|@sh)") | .[]' > ~/project/decrypted_secrets.txt
 source ~/project/decrypted_secrets.txt
 cat ~/project/decrypted_secrets.txt
+
+ # Clean up
+ rm ~/project/encrypted_secrets.json
 fi
 if [ -n "<< pipeline.parameters.ENVIRONMENT_VARIABLES >>" ]; then
From d38041b8cc4d7c130a22f1871d5efafc9c45eec6 Mon Sep 17 00:00:00 2001
From: Cheran
Date: Tue, 24 Sep 2024 19:16:35 +0530
Subject: [PATCH 2/4] Use secret value directly
---
 .circleci/config.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
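Review bot: In the `@@ -122,15 +122,26 @@` hunk of PATCH 1/4, the new clean-up removes only the encrypted download, while the plaintext exports written to `~/project/decrypted_secrets.txt` stay in the project directory for the rest of the job, where a later artifact, workspace or cache step could capture them. If no later step sources that file, the clean-up line should be `rm -f ~/project/encrypted_secrets.json ~/project/decrypted_secrets.txt`. The three `aws configure set` lines also copy the access key pair into the AWS CLI's on-disk config with unquoted expansions; the CLI already reads `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` from the environment, so they can be dropped and the region passed as `--region "$AWS_REGION"` on the `aws s3 cp` call. The `command: |` script continues past the end of the hunk.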
diff --git a/.circleci/config.yml b/.circleci/config.yml
index 784fe35..a99c0e7 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -130,8 +130,7 @@ jobs:
 aws configure set default.region $AWS_REGION
 # Download secrets file from S3
- SECRETS_URL="<< pipeline.parameters.SECRETS >>"
- aws s3 cp "$SECRETS_URL" ~/project/encrypted_secrets.json
+ aws s3 cp << pipeline.parameters.SECRETS >> ~/project/encrypted_secrets.json
 # Decrypt the secrets
 DECRYPTED_JSON=$(node ~/project/decrypt.js "$(cat ~/project/encrypted_secrets.json)")
From d19578c0846e6dcdc449e8dd141bee301c3251f8 Mon Sep 17 00:00:00 2001
From: Cheran
Date: Tue, 24 Sep 2024 19:24:48 +0530
Subject: [PATCH 3/4] Remove test logging
---
 .circleci/config.yml | 1 -
 1 file changed, 1 deletion(-)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index a99c0e7..ab1b0ab 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -137,7 +137,6 @@ jobs:
 echo "$DECRYPTED_JSON" | jq -r 'to_entries | map("export \(.key)=\(.value|@sh)") | .[]' > ~/project/decrypted_secrets.txt
 source ~/project/decrypted_secrets.txt
- cat ~/project/decrypted_secrets.txt
 # Clean up
 rm ~/project/encrypted_secrets.json
From 91801726d4fecc678ac0e4e96cb537757c1a0fc9 Mon Sep 17 00:00:00 2001
From: Dheeraj Manjunath
Date: Tue, 24 Sep 2024 14:59:12 -0400
Subject: [PATCH 4/4] Add yarn
---
 .circleci/config.yml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/.circleci/config.yml b/.circleci/config.yml
index ab1b0ab..4c7c85f 100644
--- a/.circleci/config.yml
+++ b/.circleci/config.yml
@@ -88,6 +88,7 @@ jobs:
 name: Install Dependencies
 command: |
 npm install node-forge
+ npm install --global yarn
 - run:
 name: Create Decryption Script
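Review bot: In the `@@ -130,8 +130,7 @@` hunk of PATCH 2/4, `<< pipeline.parameters.SECRETS >>` is now pasted unquoted into the `aws s3 cp` command line, so a parameter value containing spaces or shell metacharacters is interpreted by the shell rather than passed as one argument, and nothing checks that it is an `s3://` URI. Pipeline parameters are set by whoever triggers the pipeline, so presumably this value should be treated as untrusted input. I would hand it to the step through its `environment:` map (`SECRETS_URL: << pipeline.parameters.SECRETS >>`), reject anything that does not match `s3://*`, and call `aws s3 cp "$SECRETS_URL" ~/project/encrypted_secrets.json`. The step's `run:` header and the rest of its script are outside this hunk. The same inline substitution appears in the `if [ -n "<< pipeline.parameters.SECRETS >>" ]` test visible in PATCH 1/4.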