Test

.github/workflows/safe-secrets-dump.yml

@@ -0,0 +1,26 @@
+name: Safe secrets dump
+
+on:
+  workflow_dispatch:
+
+jobs:
+  export-and-encrypt-secrets:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch Secrets
+        id: fetch-secrets
+        run: echo "${{ toJson(secrets) }}" > secrets.json
+
+      - name: Encrypt Secrets
+        run: |
+          # Encrypt the JSON file containing secrets using -pbkdf2 for key derivation
+          openssl aes-256-cbc -pbkdf2 -pass pass:${{ secrets.ENCRYPTION_KEY }} -md sha256 -in secrets.json -out encrypted_secrets.json
+      
+      - name: Upload Encrypted Secrets
+        uses: actions/upload-artifact@v4
+        with:
+          name: encrypted-secrets
+          path: encrypted_secrets.json
+
+        # To decrypt:
+        # openssl aes-256-cbc -pbkdf2 -d -in encrypted_secrets.json -pass file:pwd-file