Skip to content

Docs: add warning about masking tokens in GitHub Actions (Fix #213) #335

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
BurramsettyAkshayaPranathi wants to merge 1 commit into from
Closed

Docs: add warning about masking tokens in GitHub Actions (Fix #213) #335

BurramsettyAkshayaPranathi wants to merge 1 commit into from

Conversation

@BurramsettyAkshayaPranathi
Copy link

@BurramsettyAkshayaPranathi BurramsettyAkshayaPranathi commented Oct 23, 2025

Resolves #213

Before the change?

-The README did not warn users that tokens generated by this action (e.g., from POST /repos/{owner}/{repo}/actions/runners/registration-token) could appear in GitHub Actions logs. Users could accidentally expose sensitive tokens.

After the change?

-Added a warning note in the README immediately after the minimal example usage, showing how to manually mask tokens to prevent them from appearing in workflow logs.

Pull request checklist

  • Tests for the changes have been added (for bug fixes / features)
  • [ X] Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • [ X] No

@github-actions
Copy link

github-actions bot commented Oct 23, 2025

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@BurramsettyAkshayaPranathi
Copy link
Author

BurramsettyAkshayaPranathi commented Oct 28, 2025

Hi! Could you please review this PR when you get a chance?
Thank you!
Kindly add the hacktoberfest-accepted label if it meets the requirements.

@BurramsettyAkshayaPranathi
Copy link
Author

BurramsettyAkshayaPranathi commented Oct 29, 2025

Hi! Could you please review this PR when you get a chance?
Thank you!

1 similar comment
@BurramsettyAkshayaPranathi
Copy link
Author

BurramsettyAkshayaPranathi commented Nov 24, 2025

Hi! Could you please review this PR when you get a chance?
Thank you!

@BurramsettyAkshayaPranathi BurramsettyAkshayaPranathi closed this by deleting the head repository Jan 7, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

🧰 Octokit Active
Status: 🆕 Triage

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

[BUG]: sensitive output (actions/runners/registration-token) can't be masked

1 participant

@BurramsettyAkshayaPranathi