Summary
When running the monolithprojects.github_actions_runner role very verbo (-vvvv), I can see my GitHub PAT several times in the logs.
Issue Type
Bug Report
Ansible Version
ansible [core 2.19.1]
config file = /home/felix-seifert/repos/gohfert-cluster/ansible.cfg
configured module search path = ['/home/felix-seifert/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
ansible python module location = /home/felix-seifert/repos/gohfert-cluster/.venv/lib/python3.13/site-packages/ansible
ansible collection location = /home/felix-seifert/repos/gohfert-cluster/ansible
executable location = /home/felix-seifert/repos/gohfert-cluster/.venv/bin/ansible
python version = 3.13.3 (main, Apr 20 2025, 22:01:09) [GCC 12.2.0] (/home/felix-seifert/repos/gohfert-cluster/.venv/bin/python3)
jinja version = 3.1.6
pyyaml version = 6.0.2 (with libyaml v0.2.5)
Steps to Reproduce
- name: Install GitHub Actions runner
hosts: gha_runners
become: true
vars:
access_token: "{{ github_pat }}"
github_account: "{{ account }}"
github_repo: "{{ repo }}"
runner_user: "{{ gha_runner_user }}"
runner_version: "{{ gha_runner_version }}"
roles:
- role: monolithprojects.github_actions_runnerExpected Results
As the PAT is meant to be secret, it should be masked in the logs.
Actual Results
Running this playbook with `-vvvv` shows me the value of the PAT in the following two tasks:
* TASK [monolithprojects.github_actions_runner : Get registration token (RUN ONCE)]
* TASK [monolithprojects.github_actions_runner : Check currently registered runners for repo (RUN ONCE)]
Summary
When running the
monolithprojects.github_actions_runnerrole very verbo (-vvvv), I can see my GitHub PAT several times in the logs.Issue Type
Bug Report
Ansible Version
Steps to Reproduce
Expected Results
As the PAT is meant to be secret, it should be masked in the logs.
Actual Results