Skip to content

Docs: add warning about masking tokens in GitHub Actions (Fix #213) #335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Docs: add warning about masking tokens in GitHub Actions (Fix #213) #335

wants to merge 1 commit into from

Conversation

@BurramsettyAkshayaPranathi
Copy link

Resolves #213

Before the change?

-The README did not warn users that tokens generated by this action (e.g., from POST /repos/{owner}/{repo}/actions/runners/registration-token) could appear in GitHub Actions logs. Users could accidentally expose sensitive tokens.

After the change?

-Added a warning note in the README immediately after the minimal example usage, showing how to manually mask tokens to prevent them from appearing in workflow logs.

Pull request checklist

  • Tests for the changes have been added (for bug fixes / features)
  • [ X] Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • [ X] No

@github-actions
Copy link

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@BurramsettyAkshayaPranathi
Copy link
Author

Hi! Could you please review this PR when you get a chance?
Thank you!
Kindly add the hacktoberfest-accepted label if it meets the requirements.

@BurramsettyAkshayaPranathi
Copy link
Author

Hi! Could you please review this PR when you get a chance?
Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

🧰 Octokit Active
Status: 🆕 Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: sensitive output (actions/runners/registration-token) can't be masked

1 participant

@BurramsettyAkshayaPranathi