
Commit c46b17d

committed
[NDR-104] adding masks
1 parent df5ee23 commit c46b17d


1 file changed

+8
-0
lines changed

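--- a/.github/workflows/terraform-dev-to-main-ci.yml
+++ b/.github/workflows/terraform-dev-to-main-ci.yml
@@ -94,6 +94,13 @@ jobs:
 fi
 done || echo "No Account IDs found to mask."
 
+# Mask PEM-encoded certificate blocks
+grep -Poz '(?s)-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----' tfplan.txt | while read -r cert_block; do
+if [ -n "$cert_block" ]; then
+echo "::add-mask::$cert_block"
+fi
+done || echo "No PEM certificates found to mask."
+
 # Mask GitHub secrets
 echo "::add-mask::${{ secrets.AWS_ASSUME_ROLE }}"
 echo "::add-mask::${{ secrets.GITHUB_TOKEN }}"
@@ -125,6 +132,7 @@ jobs:
 PLAN_FULL=$(echo "$PLAN_FULL" | sed -E 's/[0-9]{12}/[REDACTED_AWS_ACCOUNT_ID]/g')
 PLAN_FULL=$(echo "$PLAN_FULL" | sed -E 's#https://[a-zA-Z0-9.-]+\.lambda\.amazonaws\.com/[a-zA-Z0-9/._-]+#[REDACTED_LAMBDA_URL]#g')
 PLAN_FULL=$(echo "$PLAN_FULL" | sed -E 's#https://[a-zA-Z0-9.-]+\.execute-api\.[a-zA-Z0-9.-]+\.amazonaws\.com/[a-zA-Z0-9/._-]*#[REDACTED_API_GATEWAY_URL]#g')
+PLAN_FULL=$(echo "$PLAN_FULL" | sed -E '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/s/.*/[REDACTED_PEM_CERT]/')
 
 echo "PLAN<<EOF" >> $GITHUB_ENV
 echo "${PLAN_FULL::$LENGTH}" >> $GITHUB_ENV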
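Review bot: Both additions match only `-----BEGIN CERTIFICATE-----` blocks, so PEM private-key blocks (`-----BEGIN PRIVATE KEY-----`, `-----BEGIN RSA PRIVATE KEY-----` and similar) in tfplan.txt or PLAN_FULL would be neither masked in the log nor redacted from the PLAN value, and those are the PEM objects whose disclosure matters most. If the plan can ever carry key material that a provider does not mark sensitive, widen both patterns to the generic armor label, e.g. `sed -E '/-----BEGIN [A-Z ]+-----/,/-----END [A-Z ]+-----/s/.*/[REDACTED_PEM]/'`, with the same `[A-Z ]+` label in the `grep -Poz` expression. Separately, the sed range in the second hunk looks for the END marker only on lines after the BEGIN line, so a certificate rendered on a single line with `\n` escapes would redact everything up to the next END marker or the end of the plan; this is worth checking against a real plan output. The enclosing `run` steps start and end outside both hunks.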
