From ad8c4758a6255ad9b0032da4023730ce303f2480 Mon Sep 17 00:00:00 2001 From: lukaszcl <120112546+lukaszcl@users.noreply.github.com> Date: Wed, 15 Jan 2025 12:04:33 +0100 Subject: [PATCH] Update readme --- tools/ghsecrets/README.md | 18 +++++++++--------- tools/ghsecrets/main.go | 4 ++-- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/tools/ghsecrets/README.md b/tools/ghsecrets/README.md index 87f74b8ff..a71576d2d 100644 --- a/tools/ghsecrets/README.md +++ b/tools/ghsecrets/README.md @@ -30,26 +30,26 @@ By default, `ghsecrets set` assumes you want to store secrets in AWS Secrets Man > **⚠️ Note:** Ensure you authenticate with AWS before using the tool: > > ```sh -> aws sso login --profile +> aws sso login --profile > ``` -> By default, use the SDLC profile +> Use the **SDLC** profile in AWS This will read from `~/.testsecrets` (by default) and create/update a secret in AWS Secrets Manager: ```sh -ghsecrets set --profile +ghsecrets set --profile ``` If you’d like to specify a different file: ```sh -ghsecrets set --file /path/to/mysecrets.env --profile +ghsecrets set --file /path/to/mysecrets.env --profile ``` If you’d like to specify a custom secret name: ```sh -ghsecrets set --secret-id my-custom-secret --profile +ghsecrets set --secret-id my-custom-secret --profile ``` Note: For AWS backend, the tool automatically adds the `testsecrets/` prefix if it is missing. This ensures consistency and allows GitHub Actions to access all secrets with this designated prefix. 
@@ -57,13 +57,13 @@ Note: For AWS backend, the tool automatically adds the `testsecrets/` prefix if If you’d like to share this secret with additional AWS IAM principals (e.g., a collaborator’s account): ```sh -ghsecrets set --shared-with arn:aws:iam::123456789012:role/SomeRole --profile +ghsecrets set --shared-with arn:aws:iam::123456789012:role/SomeRole --profile ``` You can specify multiple ARNs using commas: ```sh -ghsecrets set --shared-with arn:aws:iam::123456789012:role/SomeRole,arn:aws:iam::345678901234:root --profile +ghsecrets set --shared-with arn:aws:iam::123456789012:role/SomeRole,arn:aws:iam::345678901234:root --profile ``` #### b) Set secrets in GitHub @@ -82,13 +82,13 @@ This will: If you want to retrieve an existing secret from AWS Secrets Manager, use: ```sh -ghsecrets get --secret-id testsecrets/MySecretName --profile +ghsecrets get --secret-id testsecrets/MySecretName --profile ``` By default, it prints out the Base64-encoded string. To decode it automatically: ```sh -ghsecrets get --secret-id testsecrets/MySecretName --decode --profile +ghsecrets get --secret-id testsecrets/MySecretName --decode --profile ``` ## FAQ diff --git a/tools/ghsecrets/main.go b/tools/ghsecrets/main.go index aedb5f8b3..db8b53160 100644 --- a/tools/ghsecrets/main.go +++ b/tools/ghsecrets/main.go @@ -312,8 +312,8 @@ func handleAWSSSOError(err error) error { if strings.Contains(err.Error(), "SSO session has expired") || strings.Contains(err.Error(), "InvalidGrantException") { return fmt.Errorf( "AWS SSO session has expired or is invalid. Please re-authenticate by running:\n\n"+ - " aws sso login --profile \n\n"+ - "Then try again with --profile flag.\n\nOriginal error: %w", + " aws sso login --profile \n\n"+ + "Then try again with --profile flag.\n\nOriginal error: %w", err, ) }
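Review bot: In the `tools/ghsecrets/main.go` hunk, the branch that returns the edited re-login hint is still selected by substring matches on `err.Error()` (`"SSO session has expired"` and `"InvalidGrantException"`). If the SDK rewords either message, an expired session would skip this branch and the user would never see the hint. If the AWS SDK version in use exposes a typed or coded error for this case, matching it with `errors.As` would be sturdier; the imports are not visible here, so confirm that first. Otherwise a comment such as `// matches SDK message text; update if the SDK wording changes` above the `if` would at least record the dependency. `handleAWSSSOError` begins before this hunk and continues past it, so any handling outside these lines is not covered by this note.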