github
Add clarity to the use of `::add-mask::` and best practices
Code of Conduct
- [X] I have read and agree to the GitHub Docs project's Code of Conduct
What article on docs.github.com is affected?
- Live doc: Workflow Commands for GitHub Actions: Masking a value in a log
- In repo: workflow-commands-for-github-actions.md
What part(s) of the article would you like to see updated?
In the following linked comments @ericsampson mentions best practice use of the ::add-mask:: command. This is important because improper use (as noted in the issue) could result in exfiltration of plaintext secret values in workflow logs before being masked. The documentation at its current state doesn't make this clear enough and an explicit callout could save implementation time and ensure proper use.
Additional information
- https://github.com/actions/runner/issues/475#issuecomment-635639896
- https://github.com/actions/runner/issues/475#issuecomment-635750237
- https://github.com/actions/runner/issues/475#issuecomment-636238383
- https://github.com/actions/runner/issues/475#issuecomment-742271143
Thanks for opening this issue. A GitHub docs team member should be by to give feedback soon. In the meantime, please check out the contributing guidelines.
![welcome[bot] avatar](https://avatars.githubusercontent.com/in/4141?v=4 "Published by a pub.dev verified publisher"){kind=small}
@nbobo-godaddy Thanks so much for opening an issue! I'll triage this for the team to take a look :eyes:
Thank you for opening this issue! This sounds like a great addition to the docs. You or anyone else is welcome to open a PR.
