A GitHub action that can be used to decrypt a SOPS encrypted file.
Required Version of SOPS binary that has to be used to decrypt the file
Required Relative path to the SOPS encrypted file that has to be decrypted
Required Base64 encoded private GPG key that can decrypt the file
Default: json
Format to which the decrypted secrets should be converted. Formats supported are json, yaml, dotenv.
Decrypted data in selected format
jobs:
decrypt-secrets:
runs-on: ubuntu
steps:
- uses: metro-digital/[email protected]
id: secrets
with:
version: '3.6.1'
file: 'ci/secrets/file1.yaml'
gpg_key: '<private_gpg_key_base64_encoded>'
output_type: 'json'
- name: Access one of the decrypted secrets
run: |
echo "${{ fromJson(steps.secrets.outputs.data).secret_key }}"