How to pass masked secrets between steps and jobs in Github Actions

I have below syntax. Since custom action has no access to secrets\env or other context of parent workflow, I have to pass this secret as input. However, this secret is produced in previous step. I need to pass this secret from step1 to step2, I made it via outputs, but it is not masked in with: parameters and dumped into console logs. I tried to export and pass it as env var, but env vars are not shared between steps. If course I can’t set env var on job level since it’s only in step1. Also I can’t merge step1 and step2 , cause I can’t use both run and uses in same step per Github Actions syntax

jobs:
  myjob:
    runs-on: self-hosted
    env:
      env_var: some-value
    steps:
      - name: step1
        shell: bash
        run: |
          export SECRET1=some value
          
      - name: step2
        uses: some-reusable-action
        with:
          token: ${{env.SECRET1}}

There is a workflow command for masking customs strings. Does using that together with the step output solve your problem?

yes. masking worked. My code looks like this

jobs:
  myjob:
    runs-on: self-hosted
    env:
      env_var: some-value
    steps:
      - name: step1
        shell: bash
        id: first_step
        run: |
          TOKEN1=some_value
          echo "::add-mask::$TOKEN1"
          echo "::set-output name=some-token::$TOKEN1"
          
      - name: step2
        uses: some-reusable-action
        with:
          token: ${{steps.first_step.outputs.some-token}}
1 Like

Nice, and thank you for sharing your solution! :slightly_smiling_face: