GitHub Action: secret-outputs

This GitHub Action implements a workaround for the problem "Combining job outputs with masking leads to empty output". The problem is described in the GitHub Actions documentation:

  • Outputs containing secrets are redacted on the runner and not sent to GitHub Actions.

Usage

  name: github-action-secret-outputs
  on:
    pull_request:
      branches: [ 'main' ]
      types: [opened, synchronize, reopened, closed, labeled, unlabeled]

  jobs:
    context:
      runs-on: ubuntu-latest
      steps:
        - name: github-action-secret-outputs
          id: iam
          run: |
            echo "role=arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/admin" >> $GITHUB_OUTPUT

        - uses: cloudposse/github-action-secret-outputs@main
          id: role
          with:
            ## PASSWORD is a gpg passphrase stored in Github Secrets.
            secret: ${{ secrets.PASSWORD }}
            op: encode
            in: ${{ steps.iam.outputs.role }}

      outputs:
        role: ${{ steps.role.outputs.out }}

    usage:
      runs-on: ubuntu-latest
      needs: [context]
      steps:
        - uses: cloudposse/github-action-secret-outputs@main
          id: role
          with:
            ## PASSWORD is a gpg passphrase stored in Github Secrets.
            secret: ${{ secrets.PASSWORD }}
            op: decode
            in: ${{ needs.context.outputs.role }}

        - name: github-action-secret-outputs
          uses: aws-actions/configure-aws-credentials@v1
          with:
            role-to-assume: ${{ steps.role.outputs.out }}
            aws-region: us-east-2

Inputs

Name    Description                              Default  Required
in      Input data                               N/A      true
op      Operation to perform (encode or decode)  encode   true
secret  Secret to encrypt/decrypt data           N/A      true

Outputs

Name  Description
out   Result of encryption/decryption
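
The encode and decode operations can be pictured as the round trip below, an added example that is not the action's own code. It assumes `encode` is symmetric gpg encryption followed by base64 and `decode` is the reverse; the function names, passphrase and account ID are constructed.

```shell
#!/bin/sh
# Added example: models the action's encode/decode as symmetric gpg + base64.
# ASSUMPTION: the real action's internals are not shown on the page.
set -eu

# Private, throwaway gpg home so nothing touches the user's keyring.
GNUPGHOME=$(mktemp -d)
export GNUPGHOME
trap 'gpgconf --kill gpg-agent >/dev/null 2>&1 || true; rm -rf "$GNUPGHOME"' EXIT

# encode PASSPHRASE PLAINTEXT -> one line of base64 ciphertext.
# The passphrase travels on fd 3, never on the command line.
encode() {
  printf '%s' "$2" |
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --symmetric --cipher-algo AES256 3<<EOF | base64 | tr -d '\n'
$1
EOF
}

# decode PASSPHRASE CIPHERTEXT -> plaintext; non-zero exit on a wrong passphrase.
decode() {
  printf '%s' "$2" | base64 -d |
    gpg --batch --quiet --pinentry-mode loopback --passphrase-fd 3 \
        --decrypt 3<<EOF
$1
EOF
}

# Constructed sample values, not real credentials.
PASSPHRASE='constructed-passphrase'
ROLE='arn:aws:iam::123456789012:role/admin'

CT=$(encode "$PASSPHRASE" "$ROLE")   # what the first job would publish as its output
printf 'job output: %s\n' "$CT"
printf 'decoded:    %s\n' "$(decode "$PASSPHRASE" "$CT")"   # what the second job recovers
```

The ciphertext does not contain the masked secret string, so it survives as a job output, and it differs on every run because gpg salts each encryption. Anyone holding the passphrase can decrypt it, so the output is only as protected as `secrets.PASSWORD`.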