Merge pull request #275 from crazy-max/redact-aws-creds

aws: ensure temp credentials redacted in workflow logs
This commit is contained in:
Tõnis Tiigi 2022-09-08 18:44:05 -07:00 committed by GitHub
commit 21f251affc
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 6 additions and 2 deletions

2
dist/index.js generated vendored

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored

File diff suppressed because one or more lines are too long

View file

@ -96,6 +96,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
} }
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8'); const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
const creds = authToken.split(':', 2); const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
return [ return [
{ {
registry: 'public.ecr.aws', registry: 'public.ecr.aws',
@ -122,6 +124,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
for (const authData of authTokenResponse.authorizationData) { for (const authData of authTokenResponse.authorizationData) {
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8'); const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
const creds = authToken.split(':', 2); const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
regDatas.push({ regDatas.push({
registry: authData.proxyEndpoint || '', registry: authData.proxyEndpoint || '',
username: creds[0], username: creds[0],