@@ -546,16 +546,47 @@ foreach ($param in $required_params + $bee_params + $optional_params) {
546
546
}
547
547
}
548
548
$docker_cmd += " --cr_event_type=$crEventType "
549
-
550
549
$docker_cmd = $docker_init_cmd + $docker_cmd
550
+
551
+ function Encrypt-GitSecret {
552
+ param (
553
+ [string ]$key ,
554
+ [string ]$plaintext
555
+ )
556
+
557
+ # Convert key to hex
558
+ $hexKey = [BitConverter ]::ToString([Text.Encoding ]::UTF8.GetBytes($key )).Replace(" -" , " " ).ToLower()
559
+
560
+ # Generate IV (Initialization Vector)
561
+ $ivBytes = New-Object byte[] 16
562
+ [Security.Cryptography.RandomNumberGenerator ]::Create().GetBytes($ivBytes )
563
+ $iv = [Convert ]::ToBase64String($ivBytes )
564
+ $ivHex = [BitConverter ]::ToString($ivBytes ).Replace(" -" , " " ).ToLower()
565
+
566
+ $ciphertext = " $plaintext " | openssl enc - aes- 256 - cfb - a - K " $hexKey " - iv " $ivHex " - base64
567
+
568
+ # Concatenate IV and ciphertext and encode with base64
569
+ $encryptedText = $ivHex + " $ciphertext " -replace " " , " " -replace " `r`n " , " " -replace " `n " , " " -replace " `r " , " "
570
+
571
+ # Output the encrypted text
572
+ return $encryptedText
573
+ }
574
+
575
+ $docker_run_command_log = $docker_cmd
551
576
$param_bito_access_key = " bito_cli.bito.access_key"
552
577
$param_git_access_token = " git.access_token"
578
+ $docker_enc_params =
579
+
553
580
if ($mode -eq " server" ) {
554
581
if (-not ([string ]::IsNullOrEmpty($props [$param_bito_access_key ])) -and -not ([string ]::IsNullOrEmpty($props [$param_git_access_token ]))) {
555
582
$git_secret = " $ ( $props [$param_bito_access_key ]) @#~^$ ( $props [$param_git_access_token ]) "
556
-
583
+ $encryption_key = [System.Convert ]::ToBase64String((1 .. 32 | ForEach-Object { [byte ](Get-Random - Minimum 0 - Maximum 256 ) }))
584
+ $git_secret_encrypted = Encrypt- GitSecret - key $encryption_key - plaintext $git_secret
585
+ $docker_enc_params = " --git.secret=$git_secret_encrypted --encryption_key=$encryption_key "
586
+ $docker_cmd += " ${docker_enc_params} "
587
+
557
588
Write-Host " Use below as Gitlab and Github Webhook secret:"
558
- Write-Host $git_secret
589
+ Write-Host $git_secret_encrypted
559
590
Write-Host
560
591
}
561
592
@@ -567,7 +598,7 @@ Write-Host "Running command: $($docker_pull)"
567
598
Invoke-Expression $docker_pull
568
599
569
600
if ($LASTEXITCODE -eq 0 ) {
570
- Write-Host " Running command: $ ( $docker_cmd ) "
601
+ Write-Host " Running command: $ ( $docker_run_command_log ) "
571
602
Invoke-Expression $docker_cmd
572
603
573
604
if ($LASTEXITCODE -eq 0 -and $mode -eq " server" ) {
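Review bot: In the first hunk's server branch, the AES key is built from `Get-Random`, which is not documented as a cryptographically secure source, while `Encrypt-GitSecret` already uses `[Security.Cryptography.RandomNumberGenerator]` for the IV; the key should come from the same generator, e.g. `$keyBytes = New-Object byte[] 32; [Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($keyBytes); $encryption_key = [System.Convert]::ToBase64String($keyBytes)`. Separately, `--git.secret` and `--encryption_key` are appended to the same `docker run` command line, so anyone who can read the process arguments or the container's recorded arguments gets the ciphertext and its key together. Capturing `$docker_run_command_log` before that append only keeps them out of this script's own output, so handing the key to the container through a permission-restricted mounted file is worth considering. Also, `Encrypt-GitSecret` hex-encodes the UTF-8 bytes of the 44-character Base64 string, giving 88 hex digits where `-K` for AES-256 takes 64, so depending on the openssl build the call presumably either fails or silently truncates the key. Decoding the Base64 with `[Convert]::FromBase64String($key)` before `BitConverter` would give exactly 32 key bytes.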