Add decoding to secrets

2025-11-09 08:06:55 +00:00 · 2023-01-13 12:48:54 -06:00 · 2023-01-13 12:48:54 -06:00 · 12c6bf2bd3
commit 12c6bf2bd3
parent 8fa61e9099
3 changed files with 35 additions and 4 deletions
--- a/action.yml
+++ b/action.yml
@ -76,6 +76,9 @@ inputs:
    description: 'Time in seconds, after which token expires'
    required: false
    default: 3600
  secretEncoding:
    description: 'Encoding of the secret value. Can be "base64", "hex", "utf8".'
    required: false
 runs:
  using: 'node16'
  main: 'dist/index.js'
--- a/dist/index.js
+++ b/dist/index.js
@ -17129,6 +17129,8 @@ async function exportSecrets() {
    const secretsInput = core.getInput('secrets', { required: false });
    const secretRequests = parseSecretsInput(secretsInput);
    const secretEncoding = core.getInput('secretEncoding', { required: false });
    const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
    const authPayload = core.getInput('authPayload', { required: false });
    if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@ -17193,11 +17195,23 @@ async function exportSecrets() {
    const results = await getSecrets(requests, client);
    for (const result of results) {
-        const { value, request, cachedResponse } = result;
+        // Output the result
        var value = result.value;
        const request = result.request;
        const cachedResponse = result.cachedResponse;
        if (cachedResponse) {
            core.debug('ℹ using cached response');
        }
        // if a secret is encoded, decode it
        if (secretEncoding) {
            value = Buffer.from(value, secretEncoding).toString();
        }
        for (const line of value.replace(/\r/g, '').split('\n')) {
            if (line.length > 0) {
                command.issue('add-mask', line);
@ -17211,7 +17225,7 @@ async function exportSecrets() {
    }
 };
-/** @typedef {Object} SecretRequest 
+/** @typedef {Object} SecretRequest
 * @property {string} path
 * @property {string} envVarName
 * @property {string} outputVarName
--- a/src/action.js
+++ b/src/action.js
@ -17,6 +17,8 @@ async function exportSecrets() {
    const secretsInput = core.getInput('secrets', { required: false });
    const secretRequests = parseSecretsInput(secretsInput);
    const secretEncoding = core.getInput('secretEncoding', { required: false });
    const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
    const authPayload = core.getInput('authPayload', { required: false });
    if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@ -81,11 +83,23 @@ async function exportSecrets() {
    const results = await getSecrets(requests, client);
    for (const result of results) {
-        const { value, request, cachedResponse } = result;
+        // Output the result
        var value = result.value;
        const request = result.request;
        const cachedResponse = result.cachedResponse;
        if (cachedResponse) {
            core.debug('ℹ using cached response');
        }
        // if a secret is encoded, decode it
        if (secretEncoding) {
            value = Buffer.from(value, secretEncoding).toString();
        }
        for (const line of value.replace(/\r/g, '').split('\n')) {
            if (line.length > 0) {
                command.issue('add-mask', line);
@ -99,7 +113,7 @@ async function exportSecrets() {
    }
 };
-/** @typedef {Object} SecretRequest 
+/** @typedef {Object} SecretRequest
 * @property {string} path
 * @property {string} envVarName
 * @property {string} outputVarName