docker/login-action
1
0
Fork 0
mirror of https://github.com/docker/login-action.git synced 2025-04-27 17:16:35 +02:00
Code Activity

aws: ensure temp credentials redacted in workflow logs

Browse source 
Just for good measure and extra safety, redact temporary
credentials when aws authorization token is retrieved using
IAM authentication credentials to access Amazon ECR.

Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
This commit is contained in:
CrazyMax 2022-09-09 00:05:45 +02:00
parent be010b4293
commit 07cad18854
No known key found for this signature in database
GPG key ID: 3248E46B6BB8C7F7
3 changed files with 6 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
src/aws.ts
View file

@ -96,6 +96,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
}
const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
return [
{
registry: 'public.ecr.aws',
@ -122,6 +124,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
for (const authData of authTokenResponse.authorizationData) {
const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
const creds = authToken.split(':', 2);
core.setSecret(creds[0]); // redacted in workflow logs
core.setSecret(creds[1]); // redacted in workflow logs
regDatas.push({
registry: authData.proxyEndpoint || '',
username: creds[0],