fix: register SOPS-decrypted secrets for CI log redaction #460

Merged

guettlibot merged 1 commits from refs/pull/460/head into main

2026-06-06 03:38:48 +00:00

Author	SHA1	Message	Date
Thomas SharedInboxandClaude Sonnet 4.6	6908606796	fix: register SOPS-decrypted secrets for CI log redaction via ::add-mask:: The Actions runner only redacts values it knows about. Secrets written to GITHUB_ENV via setup_dagger_remote.sh were never registered, so they could appear in plain text in CI logs. Add ::add-mask:: calls for all exported secrets (line-by-line for multiline values like SSH keys) and for the two inline variables DAGGER_SSH_KEY and DAGGER_ENGINE_HOST. Closes #434 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-05 23:40:41 +02:00

Author

SHA1

Message

Date

Thomas SharedInboxandClaude Sonnet 4.6

6908606796

fix: register SOPS-decrypted secrets for CI log redaction via ::add-mask::

The Actions runner only redacts values it knows about. Secrets written to
GITHUB_ENV via setup_dagger_remote.sh were never registered, so they could
appear in plain text in CI logs. Add ::add-mask:: calls for all exported
secrets (line-by-line for multiline values like SSH keys) and for the two
inline variables DAGGER_SSH_KEY and DAGGER_ENGINE_HOST.

Closes #434

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-05 23:40:41 +02:00