Add Decoding to Secrets #408
Conversation
ltcarbonell
requested review from
davidadeleon,
elliesterner and
jasonodonnell
jasonodonnell
requested review from
a team
and removed request for
jasonodonnell,
elliesterner and
davidadeleon
src/action.js
Outdated
| @@ -17,6 +17,8 @@ async function exportSecrets() { | |||
| const secretsInput = core.getInput('secrets', { required: false }); | |||
| const secretRequests = parseSecretsInput(secretsInput); | |||
|
|
|||
| const secretEncoding = core.getInput('secretEncoding', { required: false }); | |||
There was a problem hiding this comment.
Does anything validate that the given encoding is one of "base64", "hex", "utf8"? Are their other encodings that could work via the buffer.From API that we'd want to prevent from using?
There was a problem hiding this comment.
Good note. I will add a check for supported encoding type.
action.yml
Outdated
| @@ -76,6 +76,9 @@ inputs: | |||
| description: 'Time in seconds, after which token expires' | |||
| required: false | |||
| default: 3600 | |||
| secretEncoding: | |||
| description: 'Encoding of the secret value. Can be "base64", "hex", "utf8".' | |||
There was a problem hiding this comment.
When I first read this, I thought it would encode the secret value. I see that at actually decodes based on the encoding set here. Perhaps we can improve the description to make that more obvious?
There was a problem hiding this comment.
This is true. Reading it again now I can see how it is fairly confusing. Will work on making that clearer
| @@ -17,6 +17,8 @@ async function exportSecrets() { | |||
| const secretsInput = core.getInput('secrets', { required: false }); | |||
There was a problem hiding this comment.
Might be worth dropping a test case in here to cover the behavior. Not sure how challenging that is (still learning about vault-action myself 🙂).
* Add decoding to secrets * remove index.js * Add test case, and other updates
Adds support for encoded Vault secrets.
Example usage:
Resolves #105