From 96ddc684d33dbca7641ad90eec3595715e4df28a Mon Sep 17 00:00:00 2001 From: Sun Serega Date: Fri, 16 Aug 2024 22:06:16 +0200 Subject: [PATCH] +14 - add key protection --- .github/workflows/upstream pretest.yaml | 32 ++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/.github/workflows/upstream pretest.yaml b/.github/workflows/upstream pretest.yaml index d176e489..e029b5ea 100644 --- a/.github/workflows/upstream pretest.yaml +++ b/.github/workflows/upstream pretest.yaml @@ -27,10 +27,36 @@ jobs: Get-Service -Name ssh-agent | Set-Service -StartupType Manual Start-Service -Name ssh-agent + Write-Host "UserName: $env:UserName" + Write-Host "UserProfile: $env:UserProfile" + + # Set Key File Variable: + New-Variable -Name Key -Value "$env:UserProfile\.ssh\id_rsa" + $ssh_key = '${{ secrets.SSH_KEY }}' - $ssh_key | Set-Content 'ssh_key' - ssh-add 'ssh_key' - + $ssh_key | Set-Content $Key + + # Remove Inheritance: + Icacls $Key /c /t /Inheritance:d + + # Set Ownership to Owner: + # Key's within $env:UserProfile: + Icacls $Key /c /t /Grant ${env:UserName}:F + + # Key's outside of $env:UserProfile: + TakeOwn /F $Key + Icacls $Key /c /t /Grant:r ${env:UserName}:F + + # Remove All Users, except for Owner: + Icacls $Key /c /t /Remove:g Administrator "Authenticated Users" BUILTIN\Administrators BUILTIN Everyone System Users + + # Verify: + Icacls $Key + + ssh-add $Key + # Remove Variable: + Remove-Variable -Name Key + # - uses: webfactory/ssh-agent@v0.9.0 # with: # ssh-private-key: ${{ secrets.SSH_KEY }}
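Review bot: The ACL tightening on the key file works as a deny-list. `Icacls $Key /c /t /Inheritance:d` copies the inherited ACEs onto the file, and the later `/Remove:g Administrator "Authenticated Users" ...` call strips only the names it lists, with `/c` continuing past any name that fails to resolve, so a principal missing from the list keeps its access and the `# Verify:` step only prints the ACL. Removing the inherited entries outright avoids depending on that list, e.g. `icacls $Key /inheritance:r /grant:r "${env:UserName}:(R)"` in place of the separate inheritance, grant and remove calls. The key is also written by `Set-Content $Key` before any ACL change and stays at `$env:UserProfile\.ssh\id_rsa` after `ssh-add $Key`; the agent holds the key from then on, so a `Remove-Item $Key` right after `ssh-add` would keep the secret off disk for the rest of the job. The `run:` script begins above this hunk, so the shell in use and any earlier setup are not visible here.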