gm3dmo · gm3dmo · May 24, 2025 · Apr 30, 2025 · Apr 30, 2025 · May 24, 2025
diff --git a/configure.py b/configure.py
@@ -335,6 +335,15 @@ def main(args):
 # Dispatcher
 pool_size=10
 
+### Enterprise Audit Log
+# Stream 1
+stream1_azure_blob_sas_url="blob_sas_url"
+stream1_container="container"
+
+# Stream 2
+stream2_azure_blob_sas_url="blob_sas_url"
+stream2_container="container"
+
 
 
 """

diff --git a/create-an-audit-log-streaming-configuration-for-an-enterprise.sh b/create-an-audit-log-streaming-configuration-for-an-enterprise.sh
@@ -0,0 +1,43 @@
+.  ./.gh-api-examples.conf
+
+# https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/audit-log?apiVersion=2022-11-28#create-an-audit-log-streaming-configuration-for-an-enterprise
+# POST /enterprises/{enterprise}/audit-log/streams
+
+
+# If the script is passed an argument $1 use that as the name
+if [ -z "$1" ]
+  then
+    stream_no=2
+  else
+    stream_no=$1
+fi
+
+
+enabled=true
+stream_type="Azure Blob Storage"
+
+
+json_file=tmp/create-an-audit-log-streaming-configuration-for-an-enterprise.json
+jq -n \
+           --arg enabled "$enabled" \
+           --arg stream_type "$stream_type" \
+           --arg stream1_azure_blob_sas_url "$stream1_azure_blob_sas_url" \
+           --arg stream1_container "$stream1_container" \
+           '{
+             enabled : $enabled,
+             stream_type: $stream_type,
+             vendor_specific: { AzureBlobConfig : {
+               encrypted_sas_url: $stream1_azure_blob_sas_url,
+               key_id: $key_id
+             }
+             }
+           }' > ${json_file}
+
+cat $json_file | jq -r
+
+set -x
+curl -v -L \
+  -H "Accept: application/vnd.github+json" \
+  -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+  -H "X-GitHub-Api-Version: $github_api_version" \
+     "$GITHUB_API_BASE_URL/enterprises/${enterprise}/audit-log/streams" --data @${json_file}
diff --git a/create-enterprise-audit-log-stream-key.rb b/create-enterprise-audit-log-stream-key.rb
@@ -0,0 +1,16 @@
+require "rbnacl"
+require "base64"
+
+# You will likely need to `gem install rbnacl` for this script to work.
+
+pk = ARGV[0]
+encrypted_item = ARGV[1]
+
+key = Base64.decode64(pk)
+public_key = RbNaCl::PublicKey.new(key)
+
+box = RbNaCl::Boxes::Sealed.from_public_key(public_key)
+encrypted_secret = box.encrypt(encrypted_item)
+
+# Print the base64 encoded secret
+puts Base64.strict_encode64(encrypted_secret)
diff --git a/create-splunk-audit-log-stream-for-an-enterprise.sh b/create-splunk-audit-log-stream-for-an-enterprise.sh
@@ -0,0 +1,59 @@
+.  ./.gh-api-examples.conf
+
+# https://docs.github.com/en/enterprise-cloud@latest/rest/enterprise-admin/audit-log?apiVersion=2022-11-28#create-an-audit-log-streaming-configuration-for-an-enterprise
+# POST /enterprises/{enterprise}/audit-log/streams
+
+
+# If the script is passed an argument $1 use that as the name
+if [ -z "$1" ]
+  then
+    stream_no=2
+  else
+    stream_no=$1
+fi
+
+
+enabled=true
+stream_type="Splunk"
+domain="audit.yourdomain.com"
+port=443
+token='mytoken'
+# SSL verification helps ensure your events are sent to your Splunk endpoint securely.
+ssl_verify=false
+
+# Key ID obtained from the audit log stream key endpoint used to encrypt secrets.
+audit_key_details="tmp/audit-log-stream-key.json"
+./get-the-audit-log-stream-key-for-encrypting-secrets.sh > ${audit_key_details}
+key_id=$(jq -r '.key_id' ${audit_key_details})
+key=$(jq -r '.key' ${audit_key_details})
+
+encrypted_token=$(ruby create-enterprise-audit-log-stream-key.rb $key $token)
+
+
+json_file=tmp/create-an-audit-log-streaming-configuration-for-an-enterprise.json
+jq -n \
+           --arg stream_type "$stream_type" \
+           --arg domain "$domain" \
+           --arg port "$port" \
+           --arg key_id "$key_id" \
+           --arg encrypted_token "$encrypted_token" \
+           --arg ssl_verify "$ssl_verify" \
+           --arg enabled "$enabled" \
+           '{
+             stream_type : $stream_type,
+             enabled : $enabled | test("true"),
+             vendor_specific :  {
+               domain : $domain,
+               port : $port | tonumber,
+               key_id : $key_id,
+               encrypted_token : $encrypted_token,
+               ssl_verify: $ssl_verify | test("true")
+             }
+           }' > ${json_file}
+
+curl -L \
+     -H "Accept: application/vnd.github+json" \
+     -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+     -H "X-GitHub-Api-Version: $github_api_version" \
+        "$GITHUB_API_BASE_URL/enterprises/${enterprise}/audit-log/streams" --data @${json_file}
+
diff --git a/create-stream-key-as-secret.sh b/create-stream-key-as-secret.sh
@@ -0,0 +1,31 @@
+.  ./.gh-api-examples.conf
+
+# https://docs.github.com/en/rest/reference/actions#create-or-update-a-repository-secret
+# PUT /repos/{owner}/{repo}/actions/secrets/{secret_name}
+
+
+secret_name="THE_POWER_PAT"
+key_id=$(./get-a-repository-public-key.sh | jq -r '.key_id')
+repo_public_key=$(./get-a-repository-public-key.sh | jq -r '.key')
+encrypted_value=$(ruby create-pat-as-repository-secret.rb ${repo_public_key} ${GITHUB_TOKEN})
+repository_id=$(./list-repo.sh ${repo} | jq -r '.id')
+
+
+json_file=tmp/repository-secret.json
+jq -n \
+           --arg secret_name "${secret_name}" \
+           --arg key_id "${key_id}" \
+           --arg encrypted_value "${encrypted_value}" \
+           '{
+             secret_name: $secret_name,
+             key_id: $key_id,
+             encrypted_value: $encrypted_value
+           }' > ${json_file}
+
+
+curl ${curl_custom_flags} \
+     -X PUT \
+     -H "Accept: application/vnd.github.v3+json" \
+     -H "Authorization: Bearer ${GITHUB_TOKEN}" \
+        "${GITHUB_API_BASE_URL}/repos/${org}/${repo}/actions/secrets/${secret_name}" --data @${json_file}
+