
Commit 1387649

Merge pull request #26 from gitbito/release/1.3.3
Update bito-cra.ps1 with openssl encryption changes
2 parents 24f4199 + f047d63 commit 1387649


1 file changed

+35
-4
lines changed


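--- a/cra-scripts/bito-cra.ps1
+++ b/cra-scripts/bito-cra.ps1
@@ -546,16 +546,47 @@ foreach ($param in $required_params + $bee_params + $optional_params) {
 }
 }
 $docker_cmd += " --cr_event_type=$crEventType"
-
 $docker_cmd = $docker_init_cmd + $docker_cmd
+
+function Encrypt-GitSecret {
+param (
+[string]$key,
+[string]$plaintext
+)
+
+# Convert key to hex
+$hexKey = [BitConverter]::ToString([Text.Encoding]::UTF8.GetBytes($key)).Replace("-", "").ToLower()
+
+# Generate IV (Initialization Vector)
+$ivBytes = New-Object byte[] 16
+[Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($ivBytes)
+$iv = [Convert]::ToBase64String($ivBytes)
+$ivHex = [BitConverter]::ToString($ivBytes).Replace("-", "").ToLower()
+
+$ciphertext = "$plaintext" | openssl enc -aes-256-cfb -a -K "$hexKey" -iv "$ivHex" -base64
+
+# Concatenate IV and ciphertext and encode with base64
+$encryptedText = $ivHex + "$ciphertext" -replace " ", "" -replace "`r`n", "" -replace "`n", "" -replace "`r", ""
+
+# Output the encrypted text
+return $encryptedText
+}
+
+$docker_run_command_log = $docker_cmd
 $param_bito_access_key = "bito_cli.bito.access_key"
 $param_git_access_token = "git.access_token"
+$docker_enc_params=
+
 if ($mode -eq "server") {
 if (-not([string]::IsNullOrEmpty($props[$param_bito_access_key])) -and -not([string]::IsNullOrEmpty($props[$param_git_access_token]))) {
 $git_secret = "$($props[$param_bito_access_key])@#~^$($props[$param_git_access_token])"
-
+$encryption_key = [System.Convert]::ToBase64String((1..32 | ForEach-Object { [byte](Get-Random -Minimum 0 -Maximum 256) }))
+$git_secret_encrypted = Encrypt-GitSecret -key $encryption_key -plaintext $git_secret
+$docker_enc_params=" --git.secret=$git_secret_encrypted --encryption_key=$encryption_key"
+$docker_cmd += " ${docker_enc_params}"
+
 Write-Host "Use below as Gitlab and Github Webhook secret:"
-Write-Host $git_secret
+Write-Host $git_secret_encrypted
 Write-Host
 }
 
@@ -567,7 +598,7 @@ Write-Host "Running command: $($docker_pull)"
 Invoke-Expression $docker_pull
 
 if ($LASTEXITCODE -eq 0) {
-Write-Host "Running command: $($docker_cmd)"
+Write-Host "Running command: $($docker_run_command_log)"
 Invoke-Expression $docker_cmd
 
 if ($LASTEXITCODE -eq 0 -and $mode -eq "server") {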
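Review bot: The 32-byte `$encryption_key` in the server-mode branch is drawn from `Get-Random`, which is not documented as a cryptographically secure generator, while the IV inside `Encrypt-GitSecret` already uses `RandomNumberGenerator`; the key should come from the same source, e.g. `$keyBytes = New-Object byte[] 32; [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($keyBytes)` followed by `$encryption_key = [Convert]::ToBase64String($keyBytes)`. `Encrypt-GitSecret` then hex-encodes the UTF-8 bytes of that Base64 text, which gives 88 hex digits where `-aes-256-cfb` takes a 64-digit key, so the handling of the excess is left to whichever openssl build is installed; decoding first with `[Convert]::FromBase64String($key)` would pass exactly 32 bytes, provided the container side derives the key the same way. The key is also appended to `$docker_cmd` right next to `--git.secret`, so the encryption keeps the secret out of the console output but not away from anyone who can read the container's arguments, and CFB mode adds no integrity check on the ciphertext. `$iv` is assigned but never used, and `-a` and `-base64` are the same openssl switch given twice.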
