
Update secrets.js

Update secrets.js #72

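name: 'AzureSignTool & Dynamic Secret'
# Docs => https://docs.akeyless.io/docs/azure-ad-dynamic-secrets
# Using AzureSignTool https://learn.microsoft.com/en-us/windows/msix/desktop/cicd-keyvault
#
# Purpose: exercise the Akeyless dynamic-secret action (`uses: ./`) against an
# Azure AD dynamic secret and, in the (currently commented-out) tail of the job,
# use the resulting credentials with AzureSignTool to sign an example MSI.
# Only the "Prefixed and Parsed" step is active; every other step is kept as a
# commented template for the other test variants.
on:
  workflow_dispatch:
  push:
    branches:
      - aad-tests
    paths:
      - 'src/**/*'
      - '.github/workflows/dynamic-azure-codesign.yml'
jobs:
  code_sign:
    runs-on: windows-latest
    name: Code Signing
    # Least-privilege token: `id-token: write` is required only if the action
    # authenticates to Akeyless with the GitHub OIDC JWT (presumably paired with
    # `access-id` below — confirm against the action's auth mode); `contents: read`
    # is the minimum `actions/checkout` needs.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout
        # NOTE(review): `@v3` is a mutable tag; pinning to a full commit SHA
        # (with the tag in a trailing comment) protects against tag retargeting.
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      # - name: Fetch static secret from AKeyless
      #   id: fetch-static-secrets
      #   uses: ./
      #   with:
      #     access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
      #     static-secrets: '{"/DevTools/my-static-secret":"my_static_secret"}'
      # - name: Verify Static Secret Job Outputs
      #   run: echo "Your output secret is ${{ steps.fetch-static-secrets.outputs.my_static_secret }}"
      # - name: Verify Static Secret Env Value
      #   run: echo "Your environment secret is ${{ env.my_static_secret }}"
      # PREFIXED TESTS
      # - name: Prefixed, Unparsed
      #   id: job-one
      #   uses: ./
      #   with:
      #     access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
      #     dynamic-secrets: '{"/DevTools/live-azure-ad":"aad_payload"}'
      #     parse-dynamic-secrets: false
      #     export-secrets-to-environment: true
      # - name: Verify Outputs
      #   run: |
      #     echo 'outputs.aad_payload'
      #     echo '${{ steps.job-one.outputs.aad_payload }}'
      #     echo 'outputs.aad_payload via jq'
      #     echo '${{ steps.job-one.outputs.aad_payload }}' | jq '.secret'
      # - name: Verify env vars
      #   run: |
      #     echo 'env.aad_payload'
      #     echo '${{ env.aad_payload }}'
      #     echo 'env.aad_payload via jq'
      #     echo '${{ env.aad_payload }}' | jq '.secret'
      - name: Prefixed and Parsed
        id: job-two
        uses: ./
        with:
          access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
          # Map of Akeyless secret path -> output name prefix. The fetched payload
          # becomes `steps.job-two.outputs.aad_payload`.
          dynamic-secrets: '{"/DevTools/live-azure-ad":"aad_payload"}'
          parse-dynamic-secrets: true
          # Kept out of `env` so the credential only lives in the step output.
          export-secrets-to-environment: false
      # NOTE(review): the "Verify"/"Read Secrets" steps below echo the whole
      # dynamic-secret payload (including `.secret.secretText`) into the job log.
      # Before re-enabling any of them, confirm the action masks these values
      # (::add-mask::); otherwise the Azure client secret is written to a log that
      # anyone with read access to the run can see.
      # - name: Verify Outputs
      #   run: |
      #     echo 'ENTIRE OUTPUT'
      #     echo '${{ steps.job-two.outputs.aad_payload }}'
      #     echo 'ID'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.id'
      #     echo 'TTL_IN_MINUTES'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.ttl_in_minutes'
      #     echo 'MSG'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.msg'
      #     echo 'SECRET'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret'
      #     # echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret_appId'
      #     # echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret_displayName'
      #     # echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret_keyId'
      #     # echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret_secretText'
      #     # echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret_tenantId'
      # - name: Read Secrets
      #   run: |
      #     echo 'ID'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.id'
      #     echo 'TTL_IN_MINUTES'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.ttl_in_minutes'
      #     echo 'MSG'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.msg'
      #     echo 'SECRET'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret.appId'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret.displayName'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret.keyId'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret.secretText'
      #     echo '${{ steps.job-two.outputs.aad_payload }}' | jq '.secret.tenantId'
      # UNPREFIXED TESTS
      # - name: Unprefixed, Unparsed
      #   id: job-three
      #   uses: ./
      #   with:
      #     access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
      #     dynamic-secrets: '{"/DevTools/live-azure-ad":""}'
      #     parse-dynamic-secrets: false
      #     export-secrets-to-environment: false
      # - name: Verify Outputs
      #   run: |
      #     echo 'ENTIRE OUTPUT'
      #     echo '${{ steps.job-three.outputs.aad_payload }}'
      #     echo 'ID'
      #     echo '${{ steps.job-three.outputs.aad_payload }}' | jq '.id'
      #     echo 'TTL_IN_MINUTES'
      #     echo '${{ steps.job-three.outputs.aad_payload }}' | jq '.ttl_in_minutes'
      #     echo 'MSG'
      #     echo '${{ steps.job-three.outputs.aad_payload }}' | jq '.msg'
      #     echo 'SECRET'
      #     echo '${{ steps.job-three.outputs.aad_payload }}' | jq '.secret'
      # - name: Unprefixed, Parsed
      #   id: job-four
      #   uses: ./
      #   with:
      #     access-id: ${{ secrets.AKEYLESS_ACCESS_ID }}
      #     dynamic-secrets: '{"/DevTools/live-azure-ad":""}'
      #     parse-dynamic-secrets: true
      #     export-secrets-to-environment: false
      # - name: Verify Outputs
      #   run: |
      #     echo 'ENTIRE OUTPUT'
      #     echo '${{ steps.job-four.outputs.aad_payload }}'
      #     echo 'ID'
      #     echo '${{ steps.job-four.outputs.aad_payload }}' | jq '.id'
      #     echo 'TTL_IN_MINUTES'
      #     echo '${{ steps.job-four.outputs.aad_payload }}' | jq '.ttl_in_minutes'
      #     echo 'MSG'
      #     echo '${{ steps.job-four.outputs.aad_payload }}' | jq '.msg'
      #     echo 'SECRET'
      #     echo '${{ steps.job-four.outputs.aad_payload }}' | jq '.secret'
      # - name: Download Example File to Sign
      #   run: Invoke-WebRequest "https://dvlup.blob.core.windows.net/general-app-files/MSIs/MicrosoftStoreServicesSDK.msi" -OutFile '${{ github.workspace }}\MicrosoftStoreServicesSDK.msi'
      # - name: Install AzureSignTool
      #   id: install-signtool
      #   run: dotnet tool install --global AzureSignTool
      # - name: Sign File
      #   id: use-signtool
      #   # Fixed: the original had no space between the -kvt value and -kvs, so
      #   # `"<tenant>"-kvs` would have been passed as one argument. -kvc is now
      #   # quoted like the other values. Timestamping over plain http is normal for
      #   # RFC 3161 (the response is signed); the signing key never leaves Key Vault.
      #   run: |
      #     azuresigntool sign -kvu "${{ secrets.AZURE_KEY_VAULT_URI }}" -kvi "${{ secrets.AZURE_CLIENT_ID }}" -kvt "${{ secrets.AZURE_TENANT_ID }}" -kvs "${{ secrets.AZURE_CLIENT_SECRET }}" -kvc "${{ secrets.AZURE_CERT_NAME }}" -tr http://timestamp.digicert.com -v '${{ github.workspace }}\MicrosoftStoreServicesSDK.msi'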