Simple GitHub action that helps to execute encryption and decryption of ejsonkms-rs file
This action only supports Linux runners with glibc. The following architectures are supported:
| Architecture | Runner Examples |
|---|---|
| x86_64 (amd64) | ubuntu-latest, ubuntu-22.04, ubuntu-24.04 |
| aarch64 (arm64) | ubuntu-24.04-arm, self-hosted ARM64 runners |
Note: Alpine Linux and other musl-based distributions are not supported.
- name: ejsonkms action
uses: compono/ejsonkms-action@v0.1.0
with:
action: decrypt # [encrypt, decrypt]
file-path: <path-to-ejsonkms-file>
out-file: <path-to-json-file> # File where the decrypted content will be stored (optional)
aws-region: <region> # AWS region which is required by decrypt mode (optional)
populate-env-vars: true | false # Populate the environment variables with the decrypted key-pairs content (optional)
prefix-env-vars: <prefix> # Add prefix to environment variables (optional)
populate-outputs: true | false # Populate the outputs with the decrypted key-pairs content (optional)
prefix-outputs: <prefix> # Add prefix to outputs (optional)| Output | Description |
|---|---|
| decrypted | Decrypted content of the file when the action is performed with the decrypt action |
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v6
- name: Decrypt file
uses: compono/ejsonkms-action@v0.1.0
id: decrypt
env:
AWS_REGION: <aws-region>
AWS_ACCESS_KEY_ID: <key-id>
AWS_SECRET_ACCESS_KEY: <redacted>
with:
action: decrypt
aws-region: ${{ env.AWS_REGION }}
file-path: <path-to-ejsonkms-file>
out-file: <path-to-json-file>
- name: Decrypted content
run: |
echo "Decrypted:"
echo '${{ steps.decrypt.outputs.decrypted }}'
echo
echo
echo "Stored File:"
cat <path-to-json-file>
echo
- name: Encrypt file
uses: compono/ejsonkms-action@v0.1.0
id: encrypt
with:
action: encrypt
file-path: <path-to-ejsonkms-file>
- name: Encrypted content
run: |
echo "Encrypted content:"
cat <path-to-ejson-file>Another great feature is to populate environment variables with the decrypted key-value pairs:
# just imagine that the ejsonkms file has following key-value pairs:
# KEY1: "encryped_value"
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v6
- name: Decrypt file and populate GITHUB_ENV
uses: compono/ejsonkms-action@v0.1.0
id: decrypt
env:
AWS_REGION: <aws-region>
AWS_ACCESS_KEY_ID: <key-id>
AWS_SECRET_ACCESS_KEY: <redacted>
with:
action: decrypt
aws-region: ${{ env.AWS_REGION }}
file-path: <path-to-ejsonkms-file>
populate-env-vars: true
- name: List env vars
run: echo "${{ env.KEY1 }}"Alternatively if you prefer GitHub outputs:
# just imagine that the ejsonkms file has following key-value pairs:
# KEY1: "encryped_value"
jobs:
test:
runs-on: ubuntu-latest
steps:
- name: Checkout Repository
uses: actions/checkout@v6
- name: Decrypt file and populate GITHUB_ENV
uses: compono/ejsonkms-action@v0.1.0
id: decrypt
env:
AWS_REGION: <aws-region>
AWS_ACCESS_KEY_ID: <key-id>
AWS_SECRET_ACCESS_KEY: <redacted>
with:
action: decrypt
aws-region: ${{ env.AWS_REGION }}
file-path: <path-to-ejsonkms-file>
populate-outputs: true
- name: List env vars
run: echo "${{ steps.decrypt.outputs.KEY1 }}"- Based on the ejson-action