New workflow to keep GitHub secrets up-to-date

[tonirvega]

Motivation

We aim to ensure our secrets within our GitHub organization are always up-to-date. Implementing a new workflow that runs periodically can help us maintain this configuration effortlessly.

Config file

A workflow will periodically apply this configuration, ensuring that our secrets remain current.

# github-secrets.yaml
secrets:
  MY_SECRET_EXAMPLE_FROM_KV:  "https://my-vault.vault.azure.net/secrets/foo/2a33e1481e59478fa0239cd1721f261c"
  MY_SECRET_EXAMPLE_FROM_PARAMETER_STORE:  "arn:aws:ssm:eu-west-1:xxxxxxxxxxxx:parameter/my-example-parameter"

Requirements

• The workflow should authenticate via OIDC method in cloud providers
• The configuration to apply should be set via terraform ?
• A centralized repository will manage this configuracion