Secrets storage with SecretKey encrypted (#22142)

Fork of #14483, but [gave up MasterKey](https://github.com/go-gitea/gitea/pull/14483#issuecomment-1350728557), and fixed some problems. Close #12065. Needed by #13539. Featrues: - Secrets for repo and org, not user yet. - Use SecretKey to encrypte/encrypt secrets. - Trim spaces of secret value. - Add a new locale ini block, to make it easy to support secrets for user. Snapshots: Repo level secrets: ![image](https://user-images.githubusercontent.com/9418365/207823319-b8a4903f-38ca-4af7-9d05-336a5af906f3.png) Rrg level secrets ![image](https://user-images.githubusercontent.com/9418365/207823371-8bd02e93-1928-40d1-8c76-f48b255ace36.png) Co-authored-by: Lauris BH <lauris@nix.lv> Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com> Co-authored-by: delvh <dev.lh@web.de> Co-authored-by: KN4CK3R <admin@oldschoolhack.me>
2025-05-31 20:02:09 +00:00 · 2022-12-20 17:07:13 +08:00 · 2022-12-20 17:07:13 +08:00 · 659055138b
commit 659055138b
parent 40ba750c4b
17 changed files with 468 additions and 2 deletions
--- a/routers/web/web.go
+++ b/routers/web/web.go
@ -774,6 +774,12 @@ func RegisterRoutes(m *web.Route) {
 					m.Post("/initialize", web.Bind(forms.InitializeLabelsForm{}), org.InitializeLabels)
 				})

+				m.Group("/secrets", func() {
+					m.Get("", org.Secrets)
+					m.Post("", web.Bind(forms.AddSecretForm{}), org.SecretsPost)
+					m.Post("/delete", org.SecretsDelete)
+				})
+
 				m.Route("/delete", "GET,POST", org.SettingsDelete)

 				m.Group("/packages", func() {
@ -912,6 +918,10 @@ func RegisterRoutes(m *web.Route) {
 				m.Combo("").Get(repo.DeployKeys).
 					Post(web.Bind(forms.AddKeyForm{}), repo.DeployKeysPost)
 				m.Post("/delete", repo.DeleteDeployKey)
+				m.Group("/secrets", func() {
+					m.Post("", web.Bind(forms.AddSecretForm{}), repo.SecretsPost)
+					m.Post("/delete", repo.DeleteSecret)
+				})
 			})

 			m.Group("/lfs", func() {