Help
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
Copilot Lvl 2
Message 1 of 3

Hide workflow logs from other users

Hello world,

 

Is there a way to hide the ALL workflow logs from all users except for users with access to the repository?

 

I want to keep my project public.

Which means the workflow status is also public under Actions tab.

 

The workflow logs are hidden for non-authenticated users.

But any users can view the workflow logs once they login to GitHub.

This seems like a potential security issue.

 

I want to be able to access the log in case of failures during development, but always hide potential sensitive information from leaking to the public.

 

For example the actions/checkout@v2 action will log the Author's email address which may be desired to be kept private.

image.png

 

Only solution that I can think of at the moment is to make the repository private but I want to keep the project visible to the public. I just want to hide the workflow logs from other users and keep it private.

2 Replies
Highlighted
Pilot Lvl 3
Message 2 of 3

Re: Hide workflow logs from other users

I fear there may be a misunderstanding regarding the privacy of email addresses in git. The author details (including email) are part of the commit, so they will also be available to anyone who clones your repository, which for a public repository doesn't even require a Github account.

 

Github does offer a way to hide your email address by using a pseudo address associated with your account, see help on Setting your commit email address for details. Note however that this does not remove existing history. Rewriting history to remove private information is possible but will cause issues for anyone who already cloned the repository, see Changing author info.

Highlighted
GitHub Partner
Message 3 of 3

Re: Hide workflow logs from other users

You could consider add the email address and other potential sensitive information to secrets and then use the secrets in your workflow. All secrets variables will be masked automatically in logs. But there is no way to hide the whole logs of a public repo to logged in GitHub Users.