SShortSingh.
TopTechnologyAI & MLStartupsProgrammingScienceBusinessFinanceCrypto & Web3World
Back to feed
Programming

How to Recover a GitHub Actions Secret Using Hex Encoding to Bypass Masking

0
·1 views

GitHub hides secret values after they are saved, allowing only overwrites, which can be problematic if the stored secret is the sole surviving copy of a critical credential. While GitHub masks both plain and base64-encoded forms of secrets in workflow logs, its masking system only blocks output formats it can predict in advance. A developer-shared workaround involves encoding the secret as a hex dump, reversed string, or spaced characters inside a workflow file, none of which match the registered mask patterns. Running such a workflow via the Actions tab exposes the encoded value in logs, which can then be decoded locally to retrieve the original secret. GitHub acknowledges that workflow secret masking is best-effort rather than a security boundary, since any user with workflow-run access can emit secrets in arbitrary encodings.

Read the full story at DEV Community

This is an AI-generated summary. ShortSingh links to the original source for the complete article.

Discussion (0)

Log in to join the discussion and vote.

Log in

Related stories

0
ProgrammingDEV Community ·

How to Fix FastAPI Bottlenecks in Auth, Cryptography, and Serialization

A performance-focused guide for FastAPI developers highlights three key areas where Python applications commonly slow down: authentication flows, cryptographic operations, and data serialization. The article recommends offloading CPU-intensive tasks like Argon2id password hashing to a ThreadPoolExecutor to prevent blocking the asyncio event loop. For token signing, Ed25519 is presented as significantly faster than RSA-2048, with token caching suggested to offset its slower verification speed. Replacing FastAPI's default Pydantic serialization with msgspec can yield up to five times faster performance on data-heavy responses. The guide also emphasizes using profiling tools like py-spy to identify real bottlenecks rather than relying on guesswork when optimizing Python services.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

Knowledge and Memory Management v0.0.2 Adds Portable Paths and Unified Collectors

Version 0.0.2 of the Knowledge and Memory Management system has been released, introducing a major shift toward portability by replacing hardcoded directory paths with a standardized $AGENT_HOME environment variable. The update makes it easier to share agent configurations across team members, CI pipelines, and containerized environments without manual path reconfiguration. The release includes source-specific collector modules for web pages, videos, and articles, all exporting a consistent interface with built-in deduplication and metadata normalization. Memory management is powered by a hybrid vector-store and key-value index, using HNSW-based vector search and semantic similarity checks to avoid duplicate entries. Retrieval supports both dense vector search and keyword filtering, with results ranked by cosine similarity and weighted by source freshness.

0 comments Read more at DEV Community
0
ProgrammingDEV Community ·

Hugging Face Highlights AI Shift Toward Memory, Action, and Adaptive Systems

On June 28, 2026, Hugging Face's top-upvoted research papers reflected a clear trend: AI is evolving from models that answer questions to systems that act, remember, and adapt. Among the standout papers was a framework for evaluating long-term memory in AI agents, addressing gaps in how agents store, retrieve, update, and forget information. Another notable paper, DanceOPD, proposed an on-policy distillation method for flow-matching models, enabling a single model to handle text-to-image generation and both local and global editing without capability conflicts. A third paper, DomainShuttle, tackled subject-driven text-to-video generation, focusing on preserving identity across in-domain and cross-domain contexts using mechanisms like domain-aware AdaLN. Together, these papers signal a broader research push toward AI systems capable of sustained, context-aware, and multi-modal operation.

0 comments Read more at DEV Community
0
ProgrammingHacker News ·

New Findings Strengthen Case for Ancient Life on Mars, But Proof Remains Elusive

Scientists have uncovered additional evidence suggesting Mars may have once harbored life, though definitive proof remains out of reach. The findings add to a growing body of research pointing to conditions on Mars that could have supported biological activity in the past. Researchers continue to analyze data and samples in the search for conclusive signs of past or present life on the Red Planet. The study was reported by CBC's Quirks & Quarks, which covers ongoing developments in Mars exploration science.

0 comments Read more at Hacker News