docker/login-action
3
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2025-06-23 03:37:58 +02:00
Code Issues Packages Projects Releases Wiki Activity

aws: ensure temp credentials redacted in workflow logs

Browse Source 
Just for good measure and extra safety, redact temporary
credentials when aws authorization token is retrieved using
IAM authentication credentials to access Amazon ECR.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax
2022-09-09 00:05:45 +02:00
parent be010b4293
commit 07cad18854
3 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
dist/index.js generated vendored
View File

File diff suppressed because one or more lines are too long

2
dist/index.js.map generated vendored
View File

File diff suppressed because one or more lines are too long

4
src/aws.ts
View File

@ -96,6 +96,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
}
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
return [
{
registry: 'public.ecr.aws',
@ -122,6 +124,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
for (const authData of authTokenResponse.authorizationData) {
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
regDatas.push({
registry: authData.proxyEndpoint || '',
username: creds[0],