[Feature Request] Use encrypted_value in github_actions_organization_secret and github_actions_secret

[KMConner]

Hi there,

I use github_actions_secret resource to manage GitHub Actions Secret for my repositry.
But this resource stores plaintext_value in tfstate, which is not very safe.

So I suggest these resources should have ways to use this api with a parameter encrypted_value. This will store encrypted_value instead of plaintext_value which will be safer.

Affected Resource(s)

• github_actions_organization_secret
• github_actions_secret

References

Are there any other GitHub issues (open or closed) or Pull Requests that should be linked here? For example:

• [Feature Request] Organization Secrets #468
• Gh 271 GitHub secrets #362

[threeseed]

@KMConner @jcudit .. Pretty sure this should be closed. As per the code the plaintext value is encrypted using the Github public key.

[KMConner]

@ nadenf

I know that the plaintext value is encrypted using GitHub public key in the current version.

In my opinion, it is not very safe to store plaintext values in tfstate files. (I believe the current version will do so...)
Then, I would like to create a new option to specify encrypted values directly instead of encrypting inside GitHub provider.
Specifying this option will avoid saving plaintext values to tfstate files, and will save encrypted values to tfstate files.

[threeseed]

@KMConner .. Understand now. Have submitted a PR which adds encrypted_value for Actions, Environment and Organisation secrets.

[github-actions]

👋 Hey Friends, this issue has been automatically marked as stale because it has no recent activity. It will be closed if no further activity occurs. Please add the Status: Pinned label if you feel that this issue needs to remain open/active. Thank you for your contributions and help in keeping things tidy!

[kfcampbell]

Closing as #807 has been merged and released.