I'm following this guide to update GitHub's Dependabot secrets using their newly released API.
There's a part that says I need to encrypt my secret value using a public key:
...
const key = "base64-encoded-public-key";
const value = "plain-text-secret";
// Convert the message and key to Uint8Array's (Buffer implements that interface)
const messageBytes = Buffer.from(value);
const keyBytes = Buffer.from(key, 'base64');
...
My question is, where does this public key come from? I don't recall setting up any keys when configuring Dependabot for my repo.
Looking through the Dependabot API docs, I realized there's also an endpoint to get your repository's public key, which gives you the public key to be used. I missed it initially.
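
The flow described above, written out as an added example (not code from the guide or from the original post): fetch the repository's public key, seal the value with it, and send the ciphertext back together with the `key_id` the first call returned. The `seal` and `fetchImpl` parameters are assumptions of this sketch; in real use `seal` would be a libsodium sealed-box function such as `sodium.crypto_box_seal` from `libsodium-wrappers` (after `await sodium.ready`).

```javascript
// Added example. The routes are GitHub's Dependabot secrets REST endpoints;
// `seal` and `fetchImpl` are hypothetical parameters introduced for this sketch.
const API = "https://api.github.com";

async function putDependabotSecret({ owner, repo, name, value, token, seal, fetchImpl = fetch }) {
  const headers = {
    Accept: "application/vnd.github+json",
    Authorization: `Bearer ${token}`,
  };
  const base = `${API}/repos/${owner}/${repo}/dependabot/secrets`;

  // 1. GitHub generates and holds the key pair; the client only fetches the public half.
  const keyRes = await fetchImpl(`${base}/public-key`, { headers });
  if (!keyRes.ok) throw new Error(`public-key request failed: ${keyRes.status}`);
  const { key, key_id } = await keyRes.json();

  // 2. A sealed-box (X25519) public key is exactly 32 bytes; refuse anything else.
  const keyBytes = Buffer.from(key, "base64");
  if (keyBytes.length !== 32) throw new Error("unexpected public key length");

  // 3. Encrypt locally so the plaintext never leaves this process.
  const sealed = await seal(Buffer.from(value), keyBytes);

  // 4. Send the ciphertext with the key_id so GitHub knows which key to decrypt with.
  const putRes = await fetchImpl(`${base}/${encodeURIComponent(name)}`, {
    method: "PUT",
    headers: { ...headers, "Content-Type": "application/json" },
    body: JSON.stringify({
      encrypted_value: Buffer.from(sealed).toString("base64"),
      key_id,
    }),
  });
  if (!putRes.ok) throw new Error(`secret update failed: ${putRes.status}`);
  return putRes.status; // 201 when created, 204 when updated
}
```

Because the key can be rotated on GitHub's side, fetch it on each update rather than caching it alongside the secret.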