Echoing JSON output

While attempting to echo out some JSON responses that are stored in environment variables to aid in debugging a workflow, I’ve noticed that GitHub appears to be masking the curly braces with 3 asterisks instead. Naturally, this makes reading the JSON rather difficult.

Is this intentional? Is there a simple way to prevent this from happening?

That might happen if you have a secret that matches the masked string, or something sets such a mask via workflow commands. I can’t say for sure if that’s the case because I can’t see your secrets, but it’s likely.


Brilliant. That’s exactly what it was. My workflows use the Azure login action. The credentials are passed into the action as a JSON object stored in a GitHub secret. My secret had the opening and closing curly braces on separate lines causing GitHub to treat the characters as sensitive.

Changing the value so that the curly braces are on the same line as the first/last JSON property resolved the issue. I also opened an issue against the action to update their documentation. I suspect I’m not the only one scratching their heads over this.

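The masking effect described in the post above, as an added example that is not part of the original thread and is not GitHub's or the action's code. It assumes the log masker registers every non-empty line of a multi-line secret as its own mask value; the secret, its field names and the helper names are constructed for illustration, and `compact` generalizes the fix from the post by putting the whole JSON on one line.

```python
import json

MASK = "***"

# Constructed sample secret (not a real credential), pretty-printed the way
# the thread describes: opening and closing braces on their own lines.
PRETTY = '{\n  "exampleId": "constructed-id",\n  "exampleKey": "constructed-key"\n}'
# The layout the poster switched to: braces share a line with a property.
THREAD_FIX = '{"exampleId": "constructed-id",\n"exampleKey": "constructed-key"}'


def mask_values(secret: str) -> list[str]:
    """Assumed masker model: the whole secret plus each non-empty line."""
    lines = [ln.strip() for ln in secret.splitlines() if ln.strip()]
    # Longest first, so a short mask never splits a longer one.
    return sorted(set(lines + [secret.strip()]), key=len, reverse=True)


def redact(log_line: str, secret: str) -> str:
    """Replace every registered mask value found in a log line."""
    for value in mask_values(secret):
        log_line = log_line.replace(value, MASK)
    return log_line


def risky_lines(secret: str, min_len: int = 4) -> list[str]:
    """Mask values so short that they would redact unrelated output."""
    return sorted(v for v in mask_values(secret) if len(v) < min_len)


def compact(secret: str) -> str:
    """Re-serialize the JSON on a single line so no brace-only line exists."""
    return json.dumps(json.loads(secret), separators=(",", ":"))


if __name__ == "__main__":
    debug_output = '{"status": "ok"}'  # constructed, unrelated JSON log line
    for name, value in [("pretty", PRETTY), ("thread fix", THREAD_FIX),
                        ("compact", compact(PRETTY))]:
        print(f"{name:10} risky={risky_lines(value)} "
              f"log={redact(debug_output, value)}")
```

Running `risky_lines` over a secret value before storing it catches the brace-only lines without waiting for a garbled workflow log.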

That is something the documentation cautions against:

To help ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets. For example, avoid creating secrets that contain JSON or encoded Git blobs.

Not sure why it’s in the “Naming your secrets” section, though. :sweat_smile:

Yes, I’m aware the documentation advises against it. But that’s how Microsoft designed their action, so…

There’s an outstanding feature request on that action to accept the values as separate properties which would also resolve the issue (while providing better protection against leaking secrets into logs…)
