Skip to content

Commit

Permalink
Merge pull request #275 from crazy-max/redact-aws-creds
Browse files Browse the repository at this point in the history
aws: ensure temp credentials redacted in workflow logs
  • Loading branch information
tonistiigi authored Sep 9, 2022
2 parents be010b4 + 07cad18 commit 21f251a
Show file tree
Hide file tree
Showing 3 changed files with 6 additions and 2 deletions.
2 changes: 1 addition & 1 deletion dist/index.js

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion dist/index.js.map

Large diffs are not rendered by default.

4 changes: 4 additions & 0 deletions src/aws.ts
Original file line number Diff line number Diff line change
Expand Up @@ -96,6 +96,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
}
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
return [
{
registry: 'public.ecr.aws',
Expand All @@ -122,6 +124,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
for (const authData of authTokenResponse.authorizationData) {
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
regDatas.push({
registry: authData.proxyEndpoint || '',
username: creds[0],
Expand Down

0 comments on commit 21f251a

Please sign in to comment.