File tree Expand file tree Collapse file tree 1 file changed +14
-1
lines changed
Expand file tree Collapse file tree 1 file changed +14
-1
lines changed Original file line number Diff line number Diff line change @@ -32,10 +32,23 @@ jobs:
3232 ALLMYVARS : ${{ toJSON(vars) }}
3333 SUPER_SECRET : ${{ secrets.DVWA_SECRET_KEY }}
3434 run : |
35- ls
35+ # This will just show ***
3636 echo "$SUPER_SECRET"
37+
38+ # This will put the secret into a file and then display the file, but that
39+ # will still only show ***
3740 echo "$SUPER_SECRET" > secret_file
3841 cat secret_file
42+
43+ # This will try to show all the secrets, but will show *** instead
3944 echo "$ALLMYSECRETS"
45+
46+ # This will show the variables, because variables are public
4047 echo "$ALLMYVARS"
48+
49+ # This will show a base64 encoded version of the one secret.
50+ # Github doesn't recognise this so will allow it to be shown
4151 echo "$SUPER_SECRET" | base64
52+
53+ # Same for all the tokens.
54+ echo "$ALLMYSECRETS" | base64
You can’t perform that action at this time.
0 commit comments