@@ -423,6 +423,7 @@ optional_params_server=(
423
423
" code_context"
424
424
" nexus_url"
425
425
" cr_event_type"
426
+ " encryption_key"
426
427
)
427
428
428
429
bee_params=(
@@ -575,21 +576,61 @@ for param in "${required_params[@]}" "${bee_params[@]}" "${optional_params[@]}";
575
576
nexus_url=$( echo " ${props[$param]} " | sed ' s/^[ \t]*//;s/[ \t]*$//' )
576
577
elif [ " $param " == " cr_event_type" ]; then
577
578
validate_cr_event_type " ${props[$param]} "
579
+ elif [ " $param " == " encryption_key" ]; then
580
+ encryption_key_value=${props[$param]}
578
581
else
579
582
docker_cmd+=" --$param =${props[$param]} "
580
583
fi
581
584
582
585
fi
583
586
done
584
587
docker_cmd+=" --cr_event_type=${cr_event_type} "
585
-
586
588
docker_cmd=$docker_init_cmd$docker_cmd
589
+ docker_cmd+=' ${docker_enc_params}'
590
+
591
+ # Function to encrypt text
592
+ encrypt_git_secret () {
593
+ local key=$1
594
+ local plaintext=$2
595
+
596
+ # Convert key to hex
597
+ local hex_key=$( echo -n " $key " | xxd -p -c 256)
598
+
599
+ # Generate IV (Initialization Vector)
600
+ local iv=$( openssl rand -base64 16)
601
+ iv=" $( echo -n " $iv " | base64 -d | xxd -p -c 256) "
602
+
603
+ # Encrypt plaintext
604
+ local ciphertext=$( echo -n " $plaintext " | openssl enc -aes-256-cfb -a -K " $hex_key " -iv " $iv " -base64)
605
+
606
+ # Concatenate IV and ciphertext and encode with base64
607
+ local iv_ciphertext=$( echo -n " $iv " ) $( echo -n " $ciphertext " )
608
+
609
+ # Encode the concatenated result with base64
610
+ local encrypted_text=$( echo -n " $iv_ciphertext " | tr -d ' \n' )
611
+
612
+ echo " $encrypted_text "
613
+ }
614
+
587
615
param_bito_access_key=" bito_cli.bito.access_key"
588
616
param_git_access_token=" git.access_token"
617
+ param_encryption_key=" encryption_key"
618
+ docker_enc_params=
589
619
if [ " $mode " == " server" ]; then
590
620
if [ -n " ${props[$param_bito_access_key]} " ] && [ -n " ${props[$param_git_access_token]} " ]; then
591
621
git_secret=" ${props[$param_bito_access_key]} @#~^${props[$param_git_access_token]} "
592
622
623
+ if [ -n " ${props[$param_encryption_key]} " ]; then
624
+ encryption_key=" ${props[$param_encryption_key]} "
625
+ if [[ ${# encryption_key} -eq 44 ]] && [[ $encryption_key =~ ^[A-Za-z0-9+/]{43}= $ ]]; then
626
+ git_secret=$( encrypt_git_secret " $encryption_key " " $git_secret " )
627
+ docker_enc_params=" --git.secret=$git_secret --encryption_key=$encryption_key "
628
+ else
629
+ echo " Error: Encryption key must be a 44-character base64 string generated by openssl rand -base64 32."
630
+ exit 1
631
+ fi
632
+ fi
633
+
593
634
echo " Use below as Gitlab and Github Webhook secret:"
594
635
echo " $git_secret "
595
636
echo
622
663
623
664
624
665
if [ " $? " == 0 ]; then
625
- echo " Running command: $( eval echo $docker_cmd ) "
666
+ echo " Running command: $( echo eval $docker_cmd ) "
626
667
eval " $docker_cmd "
627
668
628
669
if [ " $? " == 0 ] && [ " $mode " == " server" ]; then