GitHub secrets exposed in PR comments

Open garysassano opened this issue 1 year ago • 0 comments

Describe the bug

There is a critical issue that needs immediate attention. When a GitHub secret is passed in via the arg_env input parameter, it gets automatically redacted in Job Summaries. However, this redaction does not occur in the PR comments posted by the tf-via-pr action.

Screenshots


garysassano, Aug 15 '24 07:08
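One way to close the gap reported above is to mask known secret values in the comment body before it is posted. The following is an added example, not code from the tf-via-pr project or from the issue author; the function names, the minimum-length threshold, and the sample values are assumptions constructed for illustration.

```javascript
// Added example: scrub known secret values from text before it is sent
// as a PR comment. All names and sample values are constructed.
const MASK = "***";
const MIN_LEN = 4; // assumption: skip very short values that would mask ordinary text

// Build the list of literal strings to mask from the raw secret values.
function maskCandidates(secrets) {
  const out = new Set();
  for (const s of secrets) {
    if (typeof s !== "string") continue;
    // Treat each line of a multi-line secret (e.g. a PEM key) as its own value.
    for (const line of s.split(/\r?\n/)) {
      const v = line.trim();
      if (v.length >= MIN_LEN) out.add(v);
    }
  }
  // Longest first, so a secret that contains another one is masked whole
  // instead of leaving its suffix behind.
  return [...out].sort((a, b) => b.length - a.length);
}

// Replace every occurrence of every candidate with the mask.
function redact(body, secrets) {
  let text = String(body);
  for (const value of maskCandidates(secrets)) {
    text = text.split(value).join(MASK); // literal match, no regex escaping needed
  }
  return text;
}

// Pre-post check: which secret values are still present in the body?
function leaks(body, secrets) {
  return maskCandidates(secrets).filter((v) => String(body).includes(v));
}

// Constructed sample: two secrets, one a prefix of the other, plus an empty value.
const sampleSecrets = ["s3cr3t-db-pass", "s3cr3t-db-pass-rotated", ""];
const sampleComment =
  "terraform plan -var=db_password=s3cr3t-db-pass\n" +
  "TF_VAR_token=s3cr3t-db-pass-rotated";

const safeBody = redact(sampleComment, sampleSecrets);
if (leaks(safeBody, sampleSecrets).length > 0) {
  throw new Error("refusing to post: secret value still present in comment body");
}
console.log(safeBody);
```

Running `leaks()` on the final body as a gate means a comment is never posted if any masked value survives, for instance after later string concatenation.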