starred/act

Fork 0

mirror of https://github.com/nektos/act.git synced 2026-04-26 01:15:51 +03:00

[GH-ISSUE #2707] Passing " " (a space) as a SECRET causes " " in output to be masked #1223

New issue

Open

opened 2026-03-01 21:49:47 +03:00 by kerem · 2 comments

kerem commented

2026-03-01 21:49:47 +03:00

Owner

Originally created by @jklap on GitHub (Mar 24, 2025).
Original GitHub issue: https://github.com/nektos/act/issues/2707

Bug report info

act version:            0.2.75

Command used with act

export AWS_ROLE_ARN=" " && act --secret AWS_ROLE_ARN ....

Describe issue

If you pass in a SECRET value with just a single space (ie " ") then all single spaces in the output are masked:

[Publish (non-prod)/Publish] ******✅******Success***-***Main***Repository***Checkout

While masking secrets is obviously important, there a valid scenarios where passing a single space can be valid so maybe we need a rule in the masking logic to ignore this scenario?

Link to GitHub repository

No response

Workflow content

Not relevant to reproduce

Relevant log output

Not relevant to reproduce

Additional information

No response

Originally created by @jklap on GitHub (Mar 24, 2025). Original GitHub issue: https://github.com/nektos/act/issues/2707 ### Bug report info ```plain text act version: 0.2.75 ``` ### Command used with act ```sh export AWS_ROLE_ARN=" " && act --secret AWS_ROLE_ARN .... ``` ### Describe issue If you pass in a SECRET value with just a single space (ie " ") then all single spaces in the output are masked: ``` [Publish (non-prod)/Publish] ******✅******Success***-***Main***Repository***Checkout ``` While masking secrets is obviously important, there a valid scenarios where passing a single space can be valid so maybe we need a rule in the masking logic to ignore this scenario? ### Link to GitHub repository _No response_ ### Workflow content ```yml Not relevant to reproduce ``` ### Relevant log output ```sh Not relevant to reproduce ``` ### Additional information _No response_

kerem added the

kind/bug

label

2026-03-01 21:49:47 +03:00

kerem commented

2026-03-01 21:49:47 +03:00

Author

Owner

@Mrityunjay20 commented on GitHub (May 23, 2025):

Hi @jklap,
If your workflow logic really needs " " as a secret, set a dummy placeholder instead, and transform it within your workflow:

export AWS_ROLE_ARN="<SPACE>"
Then inside your workflow:
AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN == '<SPACE>' && ' ' || secrets.AWS_ROLE_ARN }}
I think this should work

@Mrityunjay20 commented on GitHub (May 23, 2025): Hi @jklap, If your workflow logic really needs " " as a secret, set a dummy placeholder instead, and transform it within your workflow: `export AWS_ROLE_ARN="<SPACE>" ` Then inside your workflow: `AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN == '<SPACE>' && ' ' || secrets.AWS_ROLE_ARN }}` I think this should work

kerem commented

2026-03-01 21:49:47 +03:00

Author

Owner

@jklap commented on GitHub (May 27, 2025):

Thanks, but we do not want to make changes to a workflow with logic specific to act vs logic specific to GitHub itself. Completely eliminates the value of running act locally to test workflows as you aren't testing the same code that would run on GitHub

@jklap commented on GitHub (May 27, 2025): Thanks, but we do not want to make changes to a workflow with logic specific to `act` vs logic specific to GitHub itself. Completely eliminates the value of running `act` locally to test workflows as you aren't testing the same code that would run on GitHub

kerem referenced this issue

2026-03-01 21:52:53 +03:00

[PR #1200] [MERGED] fix: processing of strategy.matrix.include #1835

No milestone

No project

No assignees

1 participant

Notifications

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/act#1223

No description provided.

Rows
Columns