You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
These strings leaking has been a known issue since at least 5 years (See github issue: actions/runner#475) regardless of whether or not this will ever be fixed the least that can be done is give the user a heads up that these 2 use cases will not mask the values. (Removing the 2 sections in their entirety might also be an option 🤔).
Copy file name to clipboardExpand all lines: content/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions.md
+4Lines changed: 4 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -289,6 +289,7 @@ Write-Output "::add-mask::Mona The Octocat"
289
289
290
290
> [!WARNING]
291
291
> Make sure you register the secret with 'add-mask' before outputting it in the build logs or using it in any other workflow commands.
292
+
> This will still leak the string initialy as part of the echo statment.
292
293
293
294
### Example: Masking an environment variable
294
295
@@ -324,6 +325,9 @@ jobs:
324
325
325
326
{% endpowershell %}
326
327
328
+
> [!WARNING]
329
+
> This will still leak the string as part of the env.
330
+
327
331
### Example: Masking a generated output within a single job
328
332
329
333
If you do not need to pass your secret from one job to another job, you can:
0 commit comments