From 12c6bf2bd324b4f521c61d30c9d661f9217b983a Mon Sep 17 00:00:00 2001 From: "Luis (LT) Carbonell" Date: Fri, 13 Jan 2023 12:48:54 -0600 Subject: [PATCH] Add decoding to secrets --- action.yml | 3 +++ dist/index.js | 18 ++++++++++++++++-- src/action.js | 18 ++++++++++++++++-- 3 files changed, 35 insertions(+), 4 deletions(-) diff --git a/action.yml b/action.yml index 13b14ae..7b4ed8a 100644 --- a/action.yml +++ b/action.yml @@ -76,6 +76,9 @@ inputs: description: 'Time in seconds, after which token expires' required: false default: 3600 + secretEncoding: + description: 'Encoding of the secret value. Can be "base64", "hex", "utf8".' + required: false runs: using: 'node16' main: 'dist/index.js' diff --git a/dist/index.js b/dist/index.js index fd4b100..787fdba 100644 --- a/dist/index.js +++ b/dist/index.js @@ -17129,6 +17129,8 @@ async function exportSecrets() { const secretsInput = core.getInput('secrets', { required: false }); const secretRequests = parseSecretsInput(secretsInput); + const secretEncoding = core.getInput('secretEncoding', { required: false }); + const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase(); const authPayload = core.getInput('authPayload', { required: false }); if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) { @@ -17193,11 +17195,23 @@ async function exportSecrets() { const results = await getSecrets(requests, client); + for (const result of results) { - const { value, request, cachedResponse } = result; + // Output the result + + var value = result.value; + const request = result.request; + const cachedResponse = result.cachedResponse; + if (cachedResponse) { core.debug('ℹ using cached response'); } + + // if a secret is encoded, decode it + if (secretEncoding) { + value = Buffer.from(value, secretEncoding).toString(); + } + for (const line of value.replace(/\r/g, '').split('\n')) { if (line.length > 0) { command.issue('add-mask', line); 
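Review bot: The `description` of the new `secretEncoding` input does not say that the setting is global. In src/action.js the decode runs inside the loop over all results, so one value applies to every entry in `secrets`, and a workflow that mixes encoded and plain secrets may get the plain ones silently altered. It also does not say what happens when the input is left unset. Suggested wording: `description: 'Encoding to decode every retrieved secret value from before masking and export. One of "base64", "hex" or "utf8". Leave unset to use values as returned.'`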
@@ -17211,7 +17225,7 @@ async function exportSecrets() { } }; -/** @typedef {Object} SecretRequest +/** @typedef {Object} SecretRequest * @property {string} path * @property {string} envVarName * @property {string} outputVarName diff --git a/src/action.js b/src/action.js index b52bba3..9bb229d 100644 --- a/src/action.js +++ b/src/action.js @@ -17,6 +17,8 @@ async function exportSecrets() { const secretsInput = core.getInput('secrets', { required: false }); const secretRequests = parseSecretsInput(secretsInput); + const secretEncoding = core.getInput('secretEncoding', { required: false }); + const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase(); const authPayload = core.getInput('authPayload', { required: false }); if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) { @@ -81,11 +83,23 @@ async function exportSecrets() { const results = await getSecrets(requests, client); + for (const result of results) { - const { value, request, cachedResponse } = result; + // Output the result + + var value = result.value; + const request = result.request; + const cachedResponse = result.cachedResponse; + if (cachedResponse) { core.debug('ℹ using cached response'); } + + // if a secret is encoded, decode it + if (secretEncoding) { + value = Buffer.from(value, secretEncoding).toString(); + } + for (const line of value.replace(/\r/g, '').split('\n')) { if (line.length > 0) { command.issue('add-mask', line); @@ -99,7 +113,7 @@ async function exportSecrets() { } }; -/** @typedef {Object} SecretRequest +/** @typedef {Object} SecretRequest * @property {string} path * @property {string} envVarName * @property {string} outputVarName
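Review bot: `secretEncoding` is read in the first src/action.js hunk and later passed unchecked as the encoding argument of `Buffer.from`, so it is not limited to the three values action.yml documents. Node accepts other names (`latin1`, `utf16le`, `base64url`, ...) and throws on an unknown one only inside the result loop, after the secrets have already been fetched from Vault. Validate it right after reading so a typo fails fast: `if (secretEncoding && !['base64', 'hex', 'utf8'].includes(secretEncoding)) {` followed by `throw new Error('Unsupported secretEncoding: ' + secretEncoding);`. `exportSecrets` starts and continues outside the hunk, and the dist/index.js hunk at 17129 is the bundled copy of the same lines.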
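Review bot: In the src/action.js hunk at line 81, `value` is overwritten with the decoded text before the `add-mask` loop, so the encoded string that Vault returned is never registered as a mask even though it is trivially reversible; if it reaches a log through another path it is printed in clear. Mask the raw lines before decoding, as sketched below. `Buffer.from` also does not throw on malformed `hex` or `base64` input (it truncates or skips invalid characters), so a value that is not actually encoded silently becomes a different or empty string; the sketch adds a minimal empty-result check and deliberately keeps the secret out of the error message. `var value` should be `let value`, matching the `const` declarations around it. The loop body continues past the hunk, and the dist/index.js hunk at 17193 is the bundled copy of the same code.

```javascript
let value = result.value;
// … unchanged: request / cachedResponse assignments and the cached-response debug line …

if (secretEncoding) {
    // The encoded form is reversible, so register it as a mask too.
    for (const rawLine of value.replace(/\r/g, '').split('\n')) {
        if (rawLine.length > 0) {
            command.issue('add-mask', rawLine);
        }
    }

    const decoded = Buffer.from(value, secretEncoding).toString();
    // Buffer.from does not throw on malformed hex/base64; catch the empty case at least.
    if (value.length > 0 && decoded.length === 0) {
        throw new Error('Secret could not be decoded as ' + secretEncoding);
    }
    value = decoded;
}
// … unchanged: add-mask loop over the decoded value …
```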