
All files are revealed but decrypted files are not displayed when I execute with GitHub Actions

Open tamtmh opened this issue 2 years ago • 10 comments

What are the steps to reproduce this issue?

  1. test.yml
name: import-gpg

on:
  push:
    branches: main

jobs:
  import-gpg:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v3
      -
        name: import gpg private key
        run: |
          echo "${{ secrets.GPG_PRIVATE_KEY }}" > ./private_key.gpg
          gpg --batch --yes --pinentry-mode loopback --import private_key.gpg
      -
        name: reveal secret
        run: |
          sudo apt install git-secret
          git secret --version
          git secret reveal -p ${{ secrets.GPG_PASSPHRASE }}
          ls

What happens?

  • This action was run successfully and gave the notice "All 2 files are revealed", but the decrypted files are not displayed.

What were you expecting to happen?

Decrypted files are not displayed

test.txt
testsss.txt

I don't know what step I did wrong. Has anyone had the same problem as me? Please give me the solution. Thanks a lot.

tamtmh avatar May 25 '22 04:05 tamtmh

I think it's showing the names of the encrypted files it decrypted. Can you add code to check if the decrypted files are present?

Edit: oh I see, the ls should do that. Can you try with the latest master branch from git-secret please? There have been a lot of changes since 0.2.2, some related to error messages.

Edit: Please see my comment below too.

joshrabinowitz avatar May 25 '22 13:05 joshrabinowitz

I have the same issue @tamtmh. Did you find the solution?

Thanks.

DragosRomaniuc avatar May 27 '22 13:05 DragosRomaniuc

There is a bug in older versions of git-secret that causes git-secret not to issue any error in some cases if it's unable to decrypt the secrets. Please try again with the latest master branch of git-secret and let us know if this resolves your issues, @DragosRomaniuc and @tamtmh

joshrabinowitz avatar May 27 '22 13:05 joshrabinowitz

Also, using the verbose -v option in the latest versions of git-secret should show details about what is happening with gnupg to cause those files not to be decrypted.

joshrabinowitz avatar May 27 '22 13:05 joshrabinowitz

@joshrabinowitz Thanks. I tried it with the latest version but now I get this error:

git-secret: abort: cannot find decrypted version of file:

How can I solve this? Thanks a lot.

DragosRomaniuc avatar May 27 '22 13:05 DragosRomaniuc

This is difficult to debug remotely with so little data.

Can you confirm what 'latest version' you're using? Also can you replicate from the command line on your local machine with the master branch, show the output of git-secret --version, and the complete output of git-secret reveal -v {filename.secret}. It may also be useful to show the output of git secret hide -v from your machine and confirm that the secret key needed for decryption is available to the github action.

Basically we need a lot more data specific to your problem to help debug this.

Edit: Also you show git-secret: abort: cannot find decrypted version of file:, which should show a filename, and therefore looks like it is unable to figure out the name of the encrypted file. Something is wrong in the setup.

joshrabinowitz avatar May 27 '22 15:05 joshrabinowitz

It would be helpful to see the output from using bash -x to run git-secret as described in #594.

I also suspect some hints about what's going wrong would show up if git-secret's -v option was used to show output from gnupg commands.

Also please check that your .gitignore and .gitsecret/paths/mapping.cfg files look sane.

joshrabinowitz avatar Jun 10 '22 16:06 joshrabinowitz
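
Added example, not part of the thread and not git-secret's own code: a shell function a workflow step could call after `git secret reveal` so the job fails when a tracked file has no decrypted copy, which covers the case above where older versions report success anyway. It assumes each line of `.gitsecret/paths/mapping.cfg` is a tracked path optionally followed by `:<hash>`; the function name `check_revealed` is hypothetical.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper, not shipped with git-secret).
# Usage in the "reveal secret" step, after `git secret reveal`:
#   check_revealed . || exit 1

# check_revealed REPO_DIR
# Reads REPO_DIR/.gitsecret/paths/mapping.cfg and prints "MISSING: <path>"
# for every tracked path that has no plaintext file on disk.
# Returns 0 if all files are present, 1 if any is missing,
# 2 if the mapping file itself cannot be found.
check_revealed() {
  repo=${1:-.}
  mapping="$repo/.gitsecret/paths/mapping.cfg"
  missing=0

  if [ ! -f "$mapping" ]; then
    echo "no mapping file at $mapping" >&2
    return 2
  fi

  # Assumed line format: "<path>" or "<path>:<hash>".
  # Paths that themselves contain ':' are not handled here.
  while IFS= read -r line || [ -n "$line" ]; do
    [ -n "$line" ] || continue
    path=${line%%:*}
    if [ ! -f "$repo/$path" ]; then
      echo "MISSING: $path"
      missing=$((missing + 1))
    fi
  done < "$mapping"

  [ "$missing" -eq 0 ]
}
```

Running `gpg --version` in the same step also records the GnuPG version on the runner, which is the detail the thread ends up comparing between the local machine and GitHub Actions.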

I'm having the same issue: cannot find decrypted version of file: {FILENAME}

richarddd avatar Sep 20 '22 19:09 richarddd

Hey Richard. I think I solved this by making sure I have the same GPG version on both encrypting and decrypting sides. In my case, local vs GitHub Actions.

DragosRomaniuc avatar Sep 20 '22 20:09 DragosRomaniuc

> Hey Richard. I think I solved this by making sure I have the same GPG version on both encrypting and decrypting sides. In my case, local vs GitHub Actions.

That solved it!

richarddd avatar Sep 21 '22 20:09 richarddd