A GitHub action that my team is developing is writing a URL to the console logs of the workflow. The URL contains a GUID, which is replaced by *** in the workflow. Due to this when we click on the URL, it does not work. Can someone help how we can avoid this from happening in the logs?
Do you have any GitHub Actions secrets with this GUID as value? They get masked automatically. It’s also possible to mask additional values but I suppose you aren’t using that feature?
One of the secret is a JSON, which also contains this GUID. This was working fine till last week. I’m seeing this happen since a couple of days. Is there no way to unmask it from the logs?
The documentation explicitly recommends not putting structured data like JSON into secrets because it can mess with secret masking:
To help ensure that GitHub redacts your secret in logs, avoid using structured data as the values of secrets. For example, avoid creating secrets that contain JSON or encoded Git blobs.
My preferred approach is to put only the actually secret parts elements into the secret, and then use those to create the full JSON file from a template.
Another possibility is to encrypt the JSON file and commit it to the repository, and have the workflow decrypt it using a key stored in a secret (see Limits for Secrets). The disadvantage of that is higher complexity, and that you’ll have to manually mask the secret parts.
Thanks for the suggestions. I would like to know if there’s a way to hyperlink in the logs, instead of displaying the URL.
For example, GitHub
If yes, would this work with the secrets issue mentioned earlier?