Skip to content

Secret in Build Log

Secret in Build Log #1

name: Secret in Build Log
on:
workflow_dispatch:
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: harden-runner
uses: step-security/harden-runner@v2
with:
egress-policy: audit
- name: Extract and use GCP private key
env:
GCP_SERVICE_ACCOUNT_KEY: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}
run: |
# Extracting the private key from the GCP service account key
PRIVATE_KEY=$(echo $GCP_SERVICE_ACCOUNT_KEY | jq -r '.private_key')
# Simulate using the private key
echo "Using the private key for some operation"
# Log the private key (simulating a mistake)
echo "GCP Private Key: $PRIVATE_KEY"
- name: Run a script
run: |
sleep 2