- "descriptionHTML": "<p>Creates or updates an organization secret with an encrypted value. Encrypt your secret using\n<a href=\"https://libsodium.gitbook.io/doc/bindings_for_other_languages\">LibSodium</a>.</p>\n<p>You must authenticate using an access token with the <code>admin:org</code> scope to use this endpoint.\nIf the repository is private, you must use an access token with the <code>repo</code> scope.\nGitHub Apps must have the <code>secrets</code> organization permission to use this endpoint.\nAuthenticated users must have collaborator access to a repository to create, update, or read secrets.</p>\n<p>*<em>Example encrypting a secret using Node.js</em></p>\n<p>Encrypt your secret using the <a href=\"https://www.npmjs.com/package/libsodium-wrappers\">libsodium-wrappers</a> library.</p>\n<pre><code>const sodium = require('libsodium-wrappers')\nconst secret = 'plain-text-secret' // replace with the secret you want to encrypt\nconst key = 'base64-encoded-public-key' // replace with the Base64 encoded public key\n\n//Check if libsodium is ready and then proceed.\nsodium.ready.then(() => {\n // Convert Secret & Base64 key to Uint8Array.\n let binkey = sodium.from_base64(key, sodium.base64_variants.ORIGINAL)\n let binsec = sodium.from_string(secret)\n\n //Encrypt the secret using LibSodium\n let encBytes = sodium.crypto_box_seal(binsec, binkey)\n\n // Convert encrypted Uint8Array to Base64\n let output = sodium.to_base64(encBytes, sodium.base64_variants.ORIGINAL)\n\n console.log(output)\n});\n</code></pre>\n<p><strong>Example encrypting a secret using Python</strong></p>\n<p>Encrypt your secret using <a href=\"https://pynacl.readthedocs.io/en/latest/public/#nacl-public-sealedbox\">pynacl</a> with Python 3.</p>\n<pre><code>from base64 import b64encode\nfrom nacl import encoding, public\n\ndef encrypt(public_key: str, secret_value: str) -> str:\n \"\"\"Encrypt a Unicode string using the public key.\"\"\"\n public_key = public.PublicKey(public_key.encode(\"utf-8\"), encoding.Base64Encoder())\n sealed_box = public.SealedBox(public_key)\n encrypted = sealed_box.encrypt(secret_value.encode(\"utf-8\"))\n return b64encode(encrypted).decode(\"utf-8\")\n</code></pre>\n<p><strong>Example encrypting a secret using C#</strong></p>\n<p>Encrypt your secret using the <a href=\"https://www.nuget.org/packages/Sodium.Core/\">Sodium.Core</a> package.</p>\n<pre><code>var secretValue = System.Text.Encoding.UTF8.GetBytes(\"mySecret\");\nvar publicKey = Convert.FromBase64String(\"2Sg8iYjAxxmI2LvUXpJjkYrMxURPc8r+dB7TJyvvcCU=\");\n\nvar sealedPublicKeyBox = Sodium.SealedPublicKeyBox.Create(secretValue, publicKey);\n\nConsole.WriteLine(Convert.ToBase64String(sealedPublicKeyBox));\n</code></pre>\n<p><strong>Example encrypting a secret using Ruby</strong></p>\n<p>Encrypt your secret using the <a href=\"https://github.com/RubyCrypto/rbnacl\">rbnacl</a> gem.</p>\n<pre><code class=\"hljs language-ruby\"><span class=\"hljs-keyword\">require</span> <span class=\"hljs-string\">\"rbnacl\"</span>\n<span class=\"hljs-keyword\">require</span> <span class=\"hljs-string\">\"base64\"</span>\n\nkey = Base64.decode64(<span class=\"hljs-string\">\"+ZYvJDZMHUfBkJdyq5Zm9SKqeuBQ4sj+6sfjlH4CgG0=\"</span>)\npublic_key = RbNaCl::PublicKey.new(key)\n\nbox = RbNaCl::Boxes::Sealed.from_public_key(public_key)\nencrypted_secret = box.encrypt(<span class=\"hljs-string\">\"my_secret\"</span>)\n\n<span class=\"hljs-comment\"># Print the base64 encoded secret</span>\nputs Base64.strict_encode64(encrypted_secret)\n</code></pre>",
0 commit comments