Error when trying to use private key from environment variable #184

Open
meibensteiner opened this issue Nov 11, 2024 · 1 comment

@meibensteiner

I'm using a self-hosted runner on Kubernetes and inject the private key into the runner from my secret manager via an environment variable.
When echoing "$github_app_id" and "$github_app_private_key" from a worker, everything is fine and properly formatted.
When using those variables in a workflow to get a token like this:

jobs:
  deploy:
    runs-on: [ self-hosted ]
    steps:
      - name: Generate short living token for GitOps update
        uses: actions/create-github-app-token@v1
        id: generate-token
        with:
          owner: meibensteiner
          repositories: test-repo
          app-id: "$github_app_id"
          private-key: "$github_app_private_key"

I encounter the following error:

Failed to create token for "test-repo" (attempt 1): Invalid keyData
Failed to create token for "test-repo" (attempt 2): Invalid keyData
Failed to create token for "test-repo" (attempt 3): Invalid keyData
Failed to create token for "test-repo" (attempt 4): Invalid keyData
DOMException [DataError]: Invalid keyData
    at Object.rsaImportKey (node:internal/crypto/rsa:235:15)
Error: Invalid keyData
    at SubtleCrypto.importKey (node:internal/crypto/webcrypto:615:10)
    ... 6 lines matching cause stack trace ...
    at /runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39741:71
    at RetryOperation._fn (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39667:30) {
  attemptNumber: 4,
  retriesLeft: 0,
  [cause]: Error: Failed to read private key
      at createPrivateKey (node:internal/crypto/keys:632:12)
      at Object.rsaImportKey (node:internal/crypto/rsa:229:21)
      at SubtleCrypto.importKey (node:internal/crypto/webcrypto:615:10)
      at getToken (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37861:56)
      at githubAppJwt (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37894:23)
      at getAppAuthentication (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39188:37)
      at hook4 (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39472:37)
      at newApi (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:37156:36)
      at getTokenFromRepository (/runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39792:26)
      at /runner/_work/_actions/actions/create-github-app-token/v1/dist/main.cjs:39741:71
}

Is this somehow unsupported? I'd prefer to use my own secrets manager instead of the one from GitHub Actions.

@cloudn1nja

We are facing the same issue, and the only solution that works is to copy the same private key into the GitHub repository secrets. This forces us to maintain the key in two separate locations, which we want to avoid.
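
Added example, not part of the issue thread or the action's own code: inputs under `with:` are not passed through a shell, so `"$github_app_private_key"` reaches the action as that literal string. The Node.js pre-flight check below separates that case from other malformed-key cases before anything tries to sign with the value; the function name and reason labels are hypothetical, and the key it runs against is a throwaway generated at run time.

```javascript
// Added example: pre-flight check for a GitHub App private key input.
const crypto = require("node:crypto");

// Classify a candidate private-key string before it is used for signing.
// Returns { ok, reason } and never echoes the key material itself.
function checkPrivateKeyInput(value) {
  if (typeof value !== "string" || value.trim() === "") {
    return { ok: false, reason: "empty" };
  }
  // A bare "$name" or "${name}" means nothing expanded the variable.
  if (/^\$\{?[A-Za-z_][A-Za-z0-9_]*\}?$/.test(value.trim())) {
    return { ok: false, reason: "unexpanded-variable-reference" };
  }
  if (!/-----BEGIN [A-Z ]*PRIVATE KEY-----/.test(value)) {
    return { ok: false, reason: "missing-pem-header" };
  }
  // PEM newlines are sometimes flattened to the two characters "\n" in transit.
  if (!value.includes("\n") && value.includes("\\n")) {
    return { ok: false, reason: "escaped-newlines" };
  }
  try {
    const key = crypto.createPrivateKey(value);
    if (key.asymmetricKeyType !== "rsa") {
      return { ok: false, reason: "not-rsa" };
    }
    return { ok: true, reason: "valid-rsa-pem" };
  } catch {
    return { ok: false, reason: "unparseable-pem" };
  }
}

// Constructed sample inputs: a throwaway key generated at run time.
function sampleInputs() {
  const { privateKey } = crypto.generateKeyPairSync("rsa", {
    modulusLength: 2048,
    privateKeyEncoding: { type: "pkcs1", format: "pem" },
    publicKeyEncoding: { type: "spki", format: "pem" },
  });
  return {
    literal: "$github_app_private_key", // the value from the workflow above
    flattened: privateKey.trim().replace(/\n/g, "\\n"),
    truncated: privateKey.slice(0, 200),
    valid: privateKey,
  };
}

for (const [name, value] of Object.entries(sampleInputs())) {
  console.log(name, checkPrivateKeyInput(value).reason);
}
```

Only the reason label is printed, so the check can run in a job log without exposing the key.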
