Closed danstis closed 1 month ago
When I use this step with the example:
- name: Replace tokens uses: qetza/replacetokens-action@v1 id: replacetokens with: sources: ~/somefile.yml variables: '[${{ toJSON(vars) }},${{ toJSON(secrets) }}]' if-no-files-found: 'error' recursive: 'true'
The logs of the action include all of the secrets in an unredacted form in my GitHub Environment:
There should be a way to pass in secrets without being logged into the output of the workflow.
Ignore me, I had them saved as variables not secrets... 😳
When I use this step with the example:
The logs of the action include all of the secrets in an unredacted form in my GitHub Environment:
There should be a way to pass in secrets without being logged into the output of the workflow.