aws: ensure temp credentials redacted in workflow logs
Just for good measure and extra safety, redact temporary credentials when the AWS authorization token is retrieved using IAM authentication credentials to access Amazon ECR. Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
parent
be010b4293
commit
07cad18854
2
dist/index.js
generated
vendored
2
dist/index.js
generated
vendored
File diff suppressed because one or more lines are too long
2
dist/index.js.map
generated
vendored
2
dist/index.js.map
generated
vendored
File diff suppressed because one or more lines are too long
|
@ -96,6 +96,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
|
||||||
}
|
}
|
||||||
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
|
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
|
||||||
const creds = authToken.split(':', 2);
|
const creds = authToken.split(':', 2);
|
||||||
|
core.setSecret(creds[0]); // redacted in workflow logs
|
||||||
|
core.setSecret(creds[1]); // redacted in workflow logs
|
||||||
return [
|
return [
|
||||||
{
|
{
|
||||||
registry: 'public.ecr.aws',
|
registry: 'public.ecr.aws',
|
||||||
|
@ -122,6 +124,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
|
||||||
for (const authData of authTokenResponse.authorizationData) {
|
for (const authData of authTokenResponse.authorizationData) {
|
||||||
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
|
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
|
||||||
const creds = authToken.split(':', 2);
|
const creds = authToken.split(':', 2);
|
||||||
|
core.setSecret(creds[0]); // redacted in workflow logs
|
||||||
|
core.setSecret(creds[1]); // redacted in workflow logs
|
||||||
regDatas.push({
|
regDatas.push({
|
||||||
registry: authData.proxyEndpoint || '',
|
registry: authData.proxyEndpoint || '',
|
||||||
username: creds[0],
|
username: creds[0],
|
||||||
|
|
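Review bot: Only the two decoded halves are registered as masks in both hunks, so the base64 `authorizationToken` returned by the API stays unmasked. Log masking matches registered values literally, so the encoded form would still print in clear if anything logged it. Consider also registering it before the split, e.g. `if (authData.authorizationToken) core.setSecret(authData.authorizationToken);`, with the `authTokenResponse.authorizationData.authorizationToken` equivalent in the first hunk. In the second hunk the token can fall back to `''`, which leaves `creds[0]` empty and `creds[1]` undefined, so a guard such as `if (creds[1]) core.setSecret(creds[1]);` avoids registering empty masks. `getRegistriesData` starts and ends outside both hunks, so what happens to the credentials afterwards is not visible here.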