arcodange-org/vault-action
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add Decoding to Secrets (#408)

Browse Source 
* Add decoding to secrets

* remove index.js

* Add test case, and other updates
This commit is contained in:
Luis (LT) Carbonell
2023-01-17 10:42:49 -06:00
committed by GitHub
parent 8fa61e9099
commit 0f409d4023
3 changed files with 39 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/action.js
View File

@@ -6,6 +6,7 @@ const jsonata = require('jsonata');
const { auth: { retrieveToken }, secrets: { getSecrets } } = require('./index');
const AUTH_METHODS = ['approle', 'token', 'github', 'jwt', 'kubernetes'];
const ENCODING_TYPES = ['base64', 'hex', 'utf8'];
async function exportSecrets() {
const vaultUrl = core.getInput('url', { required: true });
@@ -17,6 +18,8 @@ async function exportSecrets() {
const secretsInput = core.getInput('secrets', { required: false });
const secretRequests = parseSecretsInput(secretsInput);
const secretEncodingType = core.getInput('secretEncodingType', { required: false });
const vaultMethod = (core.getInput('method', { required: false }) || 'token').toLowerCase();
const authPayload = core.getInput('authPayload', { required: false });
if (!AUTH_METHODS.includes(vaultMethod) && !authPayload) {
@@ -81,11 +84,23 @@ async function exportSecrets() {
const results = await getSecrets(requests, client);
for (const result of results) {
const { value, request, cachedResponse } = result;
// Output the result
var value = result.value;
const request = result.request;
const cachedResponse = result.cachedResponse;
if (cachedResponse) {
core.debug(' using cached response');
}
// if a secret is encoded, decode it
if (ENCODING_TYPES.includes(secretEncodingType)) {
value = Buffer.from(value, secretEncodingType).toString();
}
for (const line of value.replace(/\r/g, '').split('\n')) {
if (line.length > 0) {
command.issue('add-mask', line);
@@ -99,7 +114,7 @@ async function exportSecrets() {
}
};
/** @typedef {Object} SecretRequest
/** @typedef {Object} SecretRequest
* @property {string} path
* @property {string} envVarName
* @property {string} outputVarName