diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 8588f60d..8a8018ea 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -60,9 +60,9 @@ jobs:
- name: Decrypt secrets
run: |
./scripts/setup-age.sh
- ./scripts/signing-setup.sh "$ENCRYPT_KEY"
+ ./scripts/signing-setup.sh "$AGE_SECRET_KEY"
env:
- ENCRYPT_KEY: ${{ secrets.ENCRYPT_KEY }}
+ AGE_SECRET_KEY: ${{ secrets.AGE_SECRET_KEY }}
- name: Build release app
uses: gradle/gradle-build-action@a4cf152f482c7ca97ef56ead29bf08bcd953284c # v2.7.0
diff --git a/scripts/encrypt-secret.sh b/scripts/encrypt-secret.sh
index abbcf559..80f93d0a 100755
--- a/scripts/encrypt-secret.sh
+++ b/scripts/encrypt-secret.sh
@@ -2,15 +2,17 @@
set -euo pipefail
-# Simple script that uses OpenSSL to encrypt a provided file with a provided key, and writes the result
-# to the provided path. Yes it's very needy.
-
INPUT_FILE="${1:-}"
OUTPUT_FILE="${2:-}"
-ENCRYPT_KEY="${3:-}"
+AGE_KEY="${3:-}"
-if [[ -n "$ENCRYPT_KEY" && -n "$INPUT_FILE" && -n "$OUTPUT_FILE" ]]; then
- openssl enc -aes-256-cbc -md sha256 -pbkdf2 -e -in "${INPUT_FILE}" -out "${OUTPUT_FILE}" -k "${ENCRYPT_KEY}"
-else
- echo "Usage: ./encrypt-secret.sh