Add decoding to secrets

action.yml

@@ -76,6 +76,9 @@ inputs:
     description: 'Time in seconds, after which token expires'
     required: false
     default: 3600
+  secretEncoding:
+    description: 'Encoding of the secret value. Can be "base64", "hex", "utf8".'
+    required: false
 runs:
   using: 'node16'
   main: 'dist/index.js'

dist/index.js

@@ -17129,6 +17129,8 @@ async function exportSecrets() {
     const secretsInput = core.getInput('secrets', { required: false });
     const secretRequests = parseSecretsInput(secretsInput);
 
+    const secretEncoding = core.getInput('secretEncoding', { required: false });
+
     const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
     const authPayload = core.getInput('authPayload', { required: false });
     if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@@ -17193,11 +17195,23 @@ async function exportSecrets() {
 
     const results = await getSecrets(requests, client);
 
+
     for (const result of results) {
-        const { value, request, cachedResponse } = result;
+        // Output the result
+
+        var value = result.value;
+        const request = result.request;
+        const cachedResponse = result.cachedResponse;
+
         if (cachedResponse) {
             core.debug('ℹ using cached response');
         }
+
+        // if a secret is encoded, decode it
+        if (secretEncoding) {
+            value = Buffer.from(value, secretEncoding).toString();
+        }
+
         for (const line of value.replace(/\r/g, '').split('\n')) {
             if (line.length > 0) {
                 command.issue('add-mask', line);
@@ -17211,7 +17225,7 @@ async function exportSecrets() {
     }
 };
 
-/** @typedef {Object} SecretRequest 
+/** @typedef {Object} SecretRequest
  * @property {string} path
  * @property {string} envVarName
  * @property {string} outputVarName

src/action.js

@@ -17,6 +17,8 @@ async function exportSecrets() {
     const secretsInput = core.getInput('secrets', { required: false });
     const secretRequests = parseSecretsInput(secretsInput);
 
+    const secretEncoding = core.getInput('secretEncoding', { required: false });
+
     const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
     const authPayload = core.getInput('authPayload', { required: false });
     if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@@ -81,11 +83,23 @@ async function exportSecrets() {
 
     const results = await getSecrets(requests, client);
 
+
     for (const result of results) {
-        const { value, request, cachedResponse } = result;
+        // Output the result
+
+        var value = result.value;
+        const request = result.request;
+        const cachedResponse = result.cachedResponse;
+
         if (cachedResponse) {
             core.debug('ℹ using cached response');
         }
+
+        // if a secret is encoded, decode it
+        if (secretEncoding) {
+            value = Buffer.from(value, secretEncoding).toString();
+        }
+
         for (const line of value.replace(/\r/g, '').split('\n')) {
             if (line.length > 0) {
                 command.issue('add-mask', line);
@@ -99,7 +113,7 @@ async function exportSecrets() {
     }
 };
 
-/** @typedef {Object} SecretRequest 
+/** @typedef {Object} SecretRequest
  * @property {string} path
  * @property {string} envVarName
  * @property {string} outputVarName