Open elcuervo opened 10 months ago
We should amend the commits to redact this off if it's considered sensitive.
I can see lots of prominent examples of these being left out in the open: https://github.com/search?q=dkr.ecr.us-west-2.amazonaws.com+language%3AShell&type=code&l=Shell
Is there AWS documentation/similar explaining why this should be considered sensitive?
Edit: It may also not hide it from the Docker logs: https://github.com/unsplash/mercury/actions/runs/6199893624/job/16833399222#step:5:55
Login Succeeded
The push refers to repository [060568373025.dkr.ecr.us-west-2.amazonaws.com/mercury]
[...]
Removes the hard coded repo target. Not much of a secret anymore but at least is not there.