Command help can expose sensitive credentials #16
Description
If sensitive parameters (e.g. GitHub access token) is passed by environment variable, then the help page includes this information as a "default" value. Sensitive values should not be exposed here, in case a mistake causes the help page to be displayed.
e.g.
...
-token string
Github access token (default "01234567890abcdef")
...
2020/05/07 16:29:56 -sha or GITHUB_COMMIT_SHA required