get-secretmanager-secrets icon indicating copy to clipboard operation
get-secretmanager-secrets copied to clipboard

Published 20 hours ago verified publisher icon google-github-actions

Allow to filter masking of secrets

Open rohit-gohri opened this issue 3 years ago • 0 comments

TL;DR

Add an option to filter masking of secrets with a regex.

Detailed design

Getting a multi line JSON secret (a credentials json as an example) masks single characters like { and causes issues in setting outputs in composite actions with this warning : Warning: Skip output 'result' since it may contain secret.

This is due to the fix added in https://github.com/google-github-actions/get-secretmanager-secrets/pull/9

We don't want to disable masking because we still want to mask some part of that multi line JSON (the private key in case of credentials json) but want to skip other parts like the braces {, }, the project_id, etc.

Rather than hardcoding these, I propose we add an optional input mask_filter through which we can skip masking for some lines when going through a multi-line secret line by line.

Additional information

No response

rohit-gohri avatar Jun 28 '22 17:06 rohit-gohri