aws: ensure temp credentials redacted in workflow logs

Just for good measure and extra safety, redact temporary credentials when aws authorization token is retrieved using IAM authentication credentials to access Amazon ECR. Signed-off-by: CrazyMax <crazy-max@users.noreply.github.com>
2022-09-09 00:05:45 +02:00 · 2022-09-09 00:05:45 +02:00 · 07cad18854
--- a/dist/index.js
+++ b/dist/index.js
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/src/aws.ts
+++ b/src/aws.ts
@ -96,6 +96,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
    }
    const authToken = Buffer.from(authTokenResponse.authorizationData.authorizationToken, 'base64').toString('utf-8');
    const creds = authToken.split(':', 2);
+    core.setSecret(creds[0]); // redacted in workflow logs
+    core.setSecret(creds[1]); // redacted in workflow logs
    return [
      {
        registry: 'public.ecr.aws',
@ -122,6 +124,8 @@ export const getRegistriesData = async (registry: string, username?: string, pas
    for (const authData of authTokenResponse.authorizationData) {
      const authToken = Buffer.from(authData.authorizationToken || '', 'base64').toString('utf-8');
      const creds = authToken.split(':', 2);
+      core.setSecret(creds[0]); // redacted in workflow logs
+      core.setSecret(creds[1]); // redacted in workflow logs
      regDatas.push({
        registry: authData.proxyEndpoint || '',
        username: creds[0],