From 02a22822bca9af990acb03990f8a1b81f23d8226 Mon Sep 17 00:00:00 2001
From: mikereiddigital <mike.reid@digital.justice.gov.uk>
Date: Fri, 28 Jun 2024 11:25:10 +0100
Subject: [PATCH] Adds the redact of sensitive data items from test workflow
 output.

---
 .github/workflows/go-terratest.yml |  4 +++-
 scripts/redact-output.sh           | 11 +++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)
 create mode 100644 scripts/redact-output.sh

diff --git a/.github/workflows/go-terratest.yml b/.github/workflows/go-terratest.yml
index eed3bcb..7efc091 100644
--- a/.github/workflows/go-terratest.yml
+++ b/.github/workflows/go-terratest.yml
@@ -27,4 +27,6 @@ jobs:
         run: go mod download
       - name: Run Go Tests
         working-directory: test
-        run: go test -v
+        run: |
+          chmod 700 ../scripts/redact-output.sh
+          go test -v | ../scripts/redact-output.sh
diff --git a/scripts/redact-output.sh b/scripts/redact-output.sh
new file mode 100644
index 0000000..1d9e381
--- /dev/null
+++ b/scripts/redact-output.sh
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+# Based on: https://github.com/ministryofjustice/opg-org-infra/blob/main/scripts/redact_output.sh
+
+sed -e 's/AWS_SECRET_ACCESS_KEY".*/<REDACTED>/g' \
+    -e 's/AWS_ACCESS_KEY_ID".*/<REDACTED>/g' \
+    -e 's/$AWS_SECRET_ACCESS_KEY".*/<REDACTED>/g' \
+    -e 's/$AWS_ACCESS_KEY_ID".*/<REDACTED>/g' \
+    -e 's/\[id=.*\]/\[id=<REDACTED>\]/g' \
+    -e 's/::[0-9]\{12\}:/::REDACTED:/g' \
+    -e 's/:[0-9]\{12\}:/:REDACTED:/g'
\ No newline at end of file