Skip to content
/ gh-migrate-webhook-secrets Public

GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.

2 stars 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

mona-actions/gh-migrate-webhook-secrets

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

137 Commits
.github
.github
 
 
cmd
cmd
 
 
.editorconfig
.editorconfig
 
 
.gitignore
.gitignore
 
 
.goreleaser.yml
.goreleaser.yml
 
 
README.md
README.md
 
 
go.mod
go.mod
 
 
go.sum
go.sum
 
 
main.go
main.go
 
 

Repository files navigation

gh-migrate-webhook-secrets

build release

GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.

Prerequisites

  • GitHub CLI installed.

  • Repositories must be present in both organizations (source and destination) when cloning (not required when).

  • For Hashicorp Vault integration, the following environment variables & flags must be set:

    • Environment Variables:
      • VAULT_ADDR: The server address (including protocol and port) of your Vault server (ex: https://192.168.0.1:8200)
      • To authenticate with a token:
        • VAULT_TOKEN: The token to connect to your Vault server with.
      • To authenticate with Role ID and Secret ID (will take preference if both are provided):
        • VAULT_ROLE_ID
        • VAULT_SECRET_ID

Install

$ gh extension install mona-actions/gh-migrate-webhook-secrets

Upgrade

$ gh extension upgrade migrate-webhook-secrets

Usage

$ gh migrate-webhook-secrets [flags] [repos-file]
GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.

Usage:
  gh migrate-webhook-secrets [flags] [repos-file]

Flags:
      --confirm                       Auto respond to confirmation prompt
      --destination-hostname string   Set destination GitHub hostname (default "github.com")
      --destination-org string        Set destination organization to migrate to
      --destination-token string      Optional token for authentication (uses GitHub CLI built-in authentication)
  -h, --help                          help for gh
      --no-cache                      Disable cache for GitHub API requests
      --read-threads int              Number of threads to process at a time. (default 5)
      --source-hostname string        Set source GitHub hostname (default "github.com")
      --source-org string             Set source organization to migrate from
      --source-token string           Optional token for authentication (uses GitHub CLI built-in authentication)
      --vault-kvv1                    Use Vault KVv1 instead of KVv2
      --vault-mountpoint string       The mount point of the secrets on the Vault server (default "secret")
      --vault-path-keys strings       The key in the webhook URL (ex: <webhook-server>?secret=<vault-path-key>) to use for finding the corresponding secret
      --vault-value-key string        The key in the Vault secret corresponding to the webhook secret value (default "value")
  -v, --version                       version for gh
      --write-threads int             Number of write threads to process at a time. (WARNING: increasing beyond 1 can trigger the secondary rate limit.) (default 1)

Notes

  • Does NOT copy enterprise or organizational webhooks.
  • Does NOT support copying secrets directly from GitHub (must use third-party secret storage like HashiCorp Vault)

About

GitHub CLI extension to migrate webhook secrets. Supports HashiCorp Vault (KV V1 & V2) as the secret storage intermediary.

Resources

Readme
Activity
Custom properties

Stars

2 stars

Watchers

0 watching

Forks

3 forks
Report repository

Releases 4

gh-migrate-webhook-secrets 0.3.3 Latest
Aug 31, 2022
+ 3 releases

Packages

No packages published

Contributors 4

  •  
  •  
  •  
  •  

Languages