ssh-agent icon indicating copy to clipboard operation
ssh-agent copied to clipboard
verified publisher icon webfactory

Public key fingerprints are printed in the logs/output

Open TheCleric opened this issue 4 years ago • 3 comments

When running this action I see my public key printed in the logs. Granted it is a public key, but this is less than ideal if one does not want to share this information with whoever can view the action result. Ideally this would be configurable with some sort of silent option that suppresses this message.

TheCleric avatar Nov 17 '21 22:11 TheCleric

This has been raised a few times before... Having the key fingerprints in the output helps with debugging, and since it is a public key fingerprint, should not be an issue security-wise?

mpdude avatar Nov 18 '21 11:11 mpdude

Like I said, just having an option to disable it would be nice.

TheCleric avatar Nov 23 '21 17:11 TheCleric

appending to this one. it is very crucial to not expose ssh keys public or private to any saved logs, it should be masked, please consider adding this feature.

mikejoseph-ef avatar May 31 '22 12:05 mikejoseph-ef