You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be beneficial to allow the caller to unmask the access key. I suppose this is similar request to the mask-aws-account-id feature.
This would allow users to pass outputs in github action jobs/steps that may include the access key. Example: It is included in signed urls.
From my understanding AWS_ACCESS_KEY_ID isn't sensitive information and is akin to a username?
Use Case
I've noticed that the action sets the credentials in env vars and the AWS_ACCESS_KEY_ID is set as a secret.
I run into issues afterwards when I generate a signed url and then try to pass that output from a job/step into another job.
Github then never passes the output because the signed url contains the AWS_ACCESS_KEY_ID in it with a warning
Skip output 'signedUrl' since it may contain secret.
I know a proposed workaround is probably to just generate the signed url in the job/step you will need to use it in.
However this is problematic, because if you are trying to use an action that just consumes the value as a parameter, you do not have that option.
Even if you write the signed url to a file, you would need a step before to cat it into a variable and then pass it to the next step (which again you'd run into the same issue)
Proposed Solution
mask-aws-access-key: 'false | true'
can be true by default
Other Information
No response
Acknowledgements
I may be able to implement this feature request
This feature might incur a breaking change
The text was updated successfully, but these errors were encountered:
Manage your access keys securely. Do not provide your access keys to unauthorized parties, even to help find your account identifiers. By doing this, you might give someone permanent access to your account.
So the recommendation is to store both the access key ID and secret access key in a secure location. But, similar to #494, you could hard code the access key in your action if you don't want it to be masked.
Describe the feature
It would be beneficial to allow the caller to unmask the access key. I suppose this is similar request to the
mask-aws-account-id
feature.This would allow users to pass outputs in github action jobs/steps that may include the access key. Example: It is included in signed urls.
From my understanding
AWS_ACCESS_KEY_ID
isn't sensitive information and is akin to a username?Use Case
I've noticed that the action sets the credentials in env vars and the
AWS_ACCESS_KEY_ID
is set as a secret.I run into issues afterwards when I generate a signed url and then try to pass that output from a job/step into another job.
Github then never passes the output because the signed url contains the AWS_ACCESS_KEY_ID in it with a warning
I know a proposed workaround is probably to just generate the signed url in the job/step you will need to use it in.
However this is problematic, because if you are trying to use an action that just consumes the value as a parameter, you do not have that option.
Even if you write the signed url to a file, you would need a step before to cat it into a variable and then pass it to the next step (which again you'd run into the same issue)
Proposed Solution
can be true by default
Other Information
No response
Acknowledgements
The text was updated successfully, but these errors were encountered: