Project

secret_hub

0.01
The project is in a healthy, maintained state
secret_hubdannyben/secret_hubHomepageDocumentationSource CodeBug Tracker
Command line interface for managing GitHub secrets in bulk
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
 Popularity
Downloads
16,142
Stars
27
Forks
4
Watchers
4
 Releases
Current version
0.2.2
Total releases
11
First release
2020-02-14
Latest release
2024-02-10
 Issues
Open Issues
0
Closed Issues
1
Total Issues
1
Issue Closure Rate
100%
 Pull Requests
Open Pull Requests
0
Closed Pull Requests
1
Merged Pull Requests
16
Pull Request Acceptance Rate
94%
 Development
Primary Language
Ruby
Licenses
MIT
Average date of last 50 commits
2022-03-12
Reverse Dependencies
0

 Dependencies

Runtime

bigdecimal
>= 0
csv
>= 0
rackup
~> 2.1
colsole
>= 0.8.1, < 2
httparty
~> 0.21
lp
~> 0.2
mister_bin
~> 0.7.3
rbnacl
~> 7.1
string-obfuscator
~> 0.1
 Project Readme

SecretHub - GitHub Secrets CLI

Gem Version Build Status Maintainability

SecretHub lets you easily manage your GitHub secrets from the command line with support for bulk operations and organization secrets.

Installation

With Ruby:

$ gem install secret_hub

Or with Docker:

$ alias secrethub='docker run --rm -it -e GITHUB_ACCESS_TOKEN -v "$PWD:/app" dannyben/secrethub'

Prerequisites

SecretHub is a wrapper around the GitHub Secrets API. To use it, you need to set up your environment with a GitHub Access Token:

$ export GITHUB_ACCESS_TOKEN=<your access token>

Give your token the repo scope, and for organization secrets, the admin:org scope.

Usage

SecretHub has three families of commands:

  1. secrethub repo - manage repository secrets.
  2. secrethub org - manage organization secrets.
  3. secrethub bulk - manage multiple secrets in multiple repositories using a config file.
$ secrethub
GitHub Secret Manager

Commands:
  repo  Manage repository secrets
  org   Manage organization secrets
  bulk  Manage multiple secrets in multiple repositories

Run secrethub COMMAND --help for command specific help


$ secrethub repo
Usage:
  secrethub repo list REPO
  secrethub repo save REPO KEY [VALUE]
  secrethub repo delete REPO KEY
  secrethub repo (-h|--help)


$ secrethub org
Usage:
  secrethub org list ORG
  secrethub org save ORG KEY [VALUE]
  secrethub org delete ORG KEY
  secrethub org (-h|--help)


$ secrethub bulk
Usage:
  secrethub bulk init [CONFIG]
  secrethub bulk show [CONFIG --visible]
  secrethub bulk list [CONFIG]
  secrethub bulk save [CONFIG --clean --dry --only REPO]
  secrethub bulk clean [CONFIG --dry]
  secrethub bulk (-h|--help)

Bulk operations

All the bulk operations use a simple YAML configuration file. The configuration file includes a list of GitHub repositories, each with a list of its secrets.

For example:

# secrethub.yml
user/repo:
- SECRET
- PASSWORD
- SECRET_KEY

user/another-repo:
- SECRET
- SECRET_KEY

Each list of secrets can either be an array, or a hash.

Using array syntax

All secrets must be defined as environment variables.

user/repo:
- SECRET
- PASSWORD

Using hash syntax

Each secret may define its value, or leave it blank. When a secret value is blank, it will be loaded from the environment.

user/another-repo:
  SECRET:
  PASSWORD: p4ssw0rd

Using YAML anchors

SecretHub ignores any key that does not look like a repository (does not include a slash /). Using this feature, you can define reusable YAML anchors:

docker: &docker
  DOCKER_USER:
  DOCKER_PASSWORD:

user/repo:
  <<: *docker
  SECRET:
  PASSWORD: p4ssw0rd

Note that YAML anchors only work with the hash syntax.

Contributing / Support

If you experience any issue, have a question or a suggestion, or if you wish to contribute, feel free to open an issue.