Masked secrets leaked in error logs #2265
Description
Describe the bug
A clear and concise description of what the bug is.
Runners are leaking the masked secrets in error logs.
To Reproduce
Steps to reproduce the behavior:
The secret (a token for a GitHub App) is masked and available under environment variable as masked secret which is being used in Terraform scripts. In case the Terraform script is throwing error, this value of this secret is being displayed in clear text.
Expected behavior
A clear and concise description of what you expected to happen.
Masked secret should never be visible in github action workflow logs.
Runner Version and Platform
Version of your runner?
v2.299.1
OS of the machine running the runner? OSX/Windows/Linux/...
Linux-x64
What's not working?
Please include error messages and screenshots.
Job Log Output
If applicable, include the relevant part of the job / step log output here. All sensitive information should already be masked out, but please double-check before pasting here.
Runner and Worker's Diagnostic Logs
If applicable, add relevant diagnostic log information. Logs are located in the runner's _diag folder. The runner logs are prefixed with Runner_ and the worker logs are prefixed with Worker_. Each job run correlates to a worker log. All sensitive information should already be masked out, but please double-check before pasting here.