
GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.


AlexandreODelisle/gh-migrate-webhook-secrets

 
 


gh-migrate-webhook-secrets


GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.

Prerequisites

  • GitHub CLI installed.

  • Repositories must be present in both organizations (source and destination) when cloning (not required when).

  • For HashiCorp Vault integration, the following environment variables & flags must be set:

    • Environment Variables:
      • VAULT_ADDR: The server address (including protocol and port) of your Vault server (ex: https://192.168.0.1:8200)
      • To authenticate with a token:
        • VAULT_TOKEN: The token to connect to your Vault server with.
      • To authenticate with Role ID and Secret ID (takes precedence if both are provided):
        • VAULT_ROLE_ID
        • VAULT_SECRET_ID

Install

$ gh extension install mona-actions/gh-migrate-webhook-secrets

Upgrade

$ gh extension upgrade migrate-webhook-secrets

Usage

$ gh migrate-webhook-secrets [flags]
GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.

Usage:
  gh migrate-webhook-secrets [flags]

Flags:
      --confirm                   Auto respond to confirmation prompt
  -h, --help                      help for gh
      --hostname string           GitHub hostname (default "github.com")
      --no-cache                  Disable cache for GitHub API requests
      --org string                Organization name
      --read-threads int          Number of threads to process at a time. (default 5)
      --token string              Optional token for authentication (uses GitHub CLI built-in authentication)
      --vault-kvv1                Use Vault KVv1 instead of KVv2
      --vault-mountpoint string   The mount point of the secrets on the Vault server (default "secret")
      --vault-path-keys strings   The keys in the webhook URL (ex: <webhook-server>?secret=<vault-path-key>) to use for finding the corresponding secret in order to create Vault path
      --vault-value-key string    The key in the Vault secret corresponding to the webhook secret value (default "value")
  -v, --version                   version for gh
      --write-threads int         Number of write threads to process at a time. (WARNING: increasing beyond 1 can trigger the secondary rate limit.) (default 1)

Notes

  • Does NOT copy enterprise or organizational webhooks.
  • Does NOT support copying secrets directly from GitHub (must use third-party secret storage like HashiCorp Vault)
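As an added example (not code from this project): how `--vault-path-keys`, `--vault-mountpoint`, `--vault-kvv1` and `--vault-value-key` could combine into a Vault read. It assumes the path-key values from the webhook URL are joined with "/" to form the secret path, which the README does not specify; the function names and sample URL are hypothetical.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/url"
	"strings"
)

// vaultReadPath maps a webhook URL to the Vault HTTP API path of its secret.
// Assumption: the query values named by pathKeys are joined with "/".
func vaultReadPath(webhookURL, mount string, pathKeys []string, kvv1 bool) (string, error) {
	u, err := url.Parse(webhookURL)
	if err != nil || len(pathKeys) == 0 {
		return "", fmt.Errorf("invalid webhook URL or empty path keys (%v)", err)
	}
	parts := []string{"/v1", mount}
	if !kvv1 {
		parts = append(parts, "data") // KV v2 reads go through <mount>/data/<path>
	}
	for _, k := range pathKeys {
		v := u.Query().Get(k)
		// The URL is untrusted input: refuse values that could escape the intended path.
		if v == "" || strings.Contains(v, "..") || strings.HasPrefix(v, "/") {
			return "", fmt.Errorf("missing or unsafe value for path key %q", k)
		}
		parts = append(parts, v)
	}
	return strings.Join(parts, "/"), nil
}

// secretValue reads valueKey from a Vault response: KV v1 under "data", KV v2 under "data"."data".
func secretValue(body []byte, valueKey string, kvv1 bool) (string, error) {
	var resp struct{ Data map[string]interface{} `json:"data"` }
	if err := json.Unmarshal(body, &resp); err != nil {
		return "", err
	}
	fields := resp.Data
	if !kvv1 {
		fields, _ = resp.Data["data"].(map[string]interface{})
	}
	if v, ok := fields[valueKey].(string); ok {
		return v, nil
	}
	return "", fmt.Errorf("key %q not found in secret", valueKey)
}

// Constructed sample URL, not a real endpoint.
func main() { fmt.Println(vaultReadPath("https://hooks.example.com/ci?secret=ci-hook", "secret", []string{"secret"}, false)) }
```

Pointing a KV v1 mount at the KV v2 layout (or the reverse) fails the lookup rather than returning a wrong value, which is why `--vault-kvv1` has to match the mount's actual engine version.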
