actions/vault-action
5
0
Fork 0
mirror of https://github.com/hashicorp/vault-action.git synced 2025-11-09 08:06:55 +00:00
Code Activity Actions

Add decoding to secrets

Browse source
This commit is contained in:
Luis (LT) Carbonell 2023-01-13 12:48:54 -06:00
parent 8fa61e9099
commit 12c6bf2bd3
3 changed files with 35 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
action.yml
View file

@ -76,6 +76,9 @@ inputs:
description: 'Time in seconds, after which token expires'
required: false
default: 3600
secretEncoding:
description: 'Encoding of the secret value. Can be "base64", "hex", "utf8".'
required: false
runs:
using: 'node16'
main: 'dist/index.js'

16
dist/index.js vendored
View file

@ -17129,6 +17129,8 @@ async function exportSecrets() {
const secretsInput = core.getInput('secrets', { required: false });
const secretRequests = parseSecretsInput(secretsInput);
const secretEncoding = core.getInput('secretEncoding', { required: false });
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
const authPayload = core.getInput('authPayload', { required: false });
if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@ -17193,11 +17195,23 @@ async function exportSecrets() {
const results = await getSecrets(requests, client);
for (const result of results) {
const { value, request, cachedResponse } = result;
// Output the result
var value = result.value;
const request = result.request;
const cachedResponse = result.cachedResponse;
if (cachedResponse) {
core.debug(' using cached response');
}
// if a secret is encoded, decode it
if (secretEncoding) {
value = Buffer.from(value, secretEncoding).toString();
}
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line);

16
src/action.js
View file

@ -17,6 +17,8 @@ async function exportSecrets() {
const secretsInput = core.getInput('secrets', { required: false });
const secretRequests = parseSecretsInput(secretsInput);
const secretEncoding = core.getInput('secretEncoding', { required: false });
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
const authPayload = core.getInput('authPayload', { required: false });
if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@ -81,11 +83,23 @@ async function exportSecrets() {
const results = await getSecrets(requests, client);
for (const result of results) {
const { value, request, cachedResponse } = result;
// Output the result
var value = result.value;
const request = result.request;
const cachedResponse = result.cachedResponse;
if (cachedResponse) {
core.debug(' using cached response');
}
// if a secret is encoded, decode it
if (secretEncoding) {
value = Buffer.from(value, secretEncoding).toString();
}
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line);