bug: GitHub PAT is not properly secret #244

@felix-seifert

Summary

When running the monolithprojects.github_actions_runner role very verbosely (-vvvv), I can see my GitHub PAT several times in the logs.

Issue Type

Bug Report

Ansible Version

```
ansible [core 2.19.1]
  config file = /home/felix-seifert/repos/gohfert-cluster/ansible.cfg
  configured module search path = ['/home/felix-seifert/.ansible/plugins/modules', '/usr/share/ansible/plugins/modules']
  ansible python module location = /home/felix-seifert/repos/gohfert-cluster/.venv/lib/python3.13/site-packages/ansible
  ansible collection location = /home/felix-seifert/repos/gohfert-cluster/ansible
  executable location = /home/felix-seifert/repos/gohfert-cluster/.venv/bin/ansible
  python version = 3.13.3 (main, Apr 20 2025, 22:01:09) [GCC 12.2.0] (/home/felix-seifert/repos/gohfert-cluster/.venv/bin/python3)
  jinja version = 3.1.6
  pyyaml version = 6.0.2 (with libyaml v0.2.5)
```

Steps to Reproduce

```yaml
- name: Install GitHub Actions runner
  hosts: gha_runners
  become: true
  vars:
    access_token: "{{ github_pat }}"
    github_account: "{{ account }}"
    github_repo: "{{ repo }}"
    runner_user: "{{ gha_runner_user }}"
    runner_version: "{{ gha_runner_version }}"
  roles:
    - role: monolithprojects.github_actions_runner
```

Expected Results

As the PAT is meant to be secret, it should be masked in the logs.

Actual Results

Running this playbook with `-vvvv` shows me the value of the PAT in the following two tasks:
* TASK [monolithprojects.github_actions_runner : Get registration token (RUN ONCE)]
* TASK [monolithprojects.github_actions_runner : Check currently registered runners for repo (RUN ONCE)]
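
A way to check a saved `-vvvv` run for this kind of exposure, as an added example that is not part of the original issue or of the role's code: it attributes every log line containing a token to the Ansible task that printed it and produces a redacted copy for sharing. The function names, the sample log body lines and the dummy token are constructed for this example, and the token patterns are this example's assumption about GitHub's classic and fine-grained PAT shapes.

```python
import re

# Ansible prints a banner such as "TASK [role : task name] ****" before each task.
TASK_RE = re.compile(r"^TASK \[(?P<name>.+?)\]")
# Assumed PAT shapes: classic "ghp_" + 36 chars, fine-grained "github_pat_" + 82 chars.
# Pass the exact secret via known_secrets when the shape might differ.
PAT_RE = re.compile(r"\b(?:ghp_[A-Za-z0-9]{36}|github_pat_[A-Za-z0-9_]{82})\b")


def find_leaking_tasks(log_text, known_secrets=()):
    """Return {task name: number of log lines that expose a secret}."""
    leaks = {}
    current = "(before first task)"
    for line in log_text.splitlines():
        banner = TASK_RE.match(line)
        if banner:
            current = banner.group("name")
            continue
        if PAT_RE.search(line) or any(s and s in line for s in known_secrets):
            leaks[current] = leaks.get(current, 0) + 1
    return leaks


def redact(log_text, known_secrets=()):
    """Mask PAT-shaped strings and known secret values before a log is shared."""
    out = PAT_RE.sub("***REDACTED***", log_text)
    for secret in known_secrets:
        if secret:
            out = out.replace(secret, "***REDACTED***")
    return out


# Constructed sample, NOT real output from the role; the token is a dummy value.
FAKE_PAT = "ghp_" + "A" * 36
SAMPLE_LOG = "\n".join([
    "TASK [monolithprojects.github_actions_runner : Get registration token (RUN ONCE)] ***",
    '    "invocation": {"module_args": {"headers": {"Authorization": "token %s"}}}' % FAKE_PAT,
    "TASK [example : task without secrets] ***",
    'ok: [runner1] => {"changed": false}',
    "TASK [monolithprojects.github_actions_runner : Check currently registered runners for repo (RUN ONCE)] ***",
    '    "headers": {"Authorization": "token %s"}' % FAKE_PAT,
])

if __name__ == "__main__":
    for task, count in find_leaking_tasks(SAMPLE_LOG).items():
        print(f"{count} line(s) expose a token in: {task}")
```
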
