Variable with name containing the phrase 'SECRET' is masked by GitHub Actions #62605
Replies: 2 comments 2 replies
-
This might be part of the secret scanning that prevents accidental API key spills. Under the hood, this is a bit secretive as malicious scrapers will look at what things they censor and know to not search for those terms thus making their exploits more effective. https://docs.github.com/en/code-security/secret-scanning/about-secret-scanning |
Beta Was this translation helpful? Give feedback.
-
🕒 Discussion Activity Reminder 🕒 This Discussion has been labeled as dormant by an automated system for having no activity in the last 60 days. Please consider one the following actions: 1️⃣ Close as Out of Date: If the topic is no longer relevant, close the Discussion as 2️⃣ Provide More Information: Share additional details or context — or let the community know if you've found a solution on your own. 3️⃣ Mark a Reply as Answer: If your question has been answered by a reply, mark the most helpful reply as the solution. Note: This dormant notification will only apply to Discussions with the Thank you for helping bring this Discussion to a resolution! 💬 |
Beta Was this translation helpful? Give feedback.
-
Select Topic Area
Question
Body
Hello!
I discovered by accident that a variable name containing the phrase 'SECRET' is automatically masked when you try and echo it.
However, Ive been unable to locate documentation for this feature, so I am not sure if it is safe to use. It would certainly be prefereable to using ::add-mask.
If anyone has seen the docs to this, I'd appreciate a link to it.
best regards.
Ed
Beta Was this translation helpful? Give feedback.
All reactions