When running Terraform workflows in GitHub Actions, it’s common to inject Azure Service Principal (SP) credentials dynamically by fetching them from Azure Key Vault and setting them as environment variables. Typically, secrets stored in GitHub Secrets are automatically masked in workflow logs. However, if secrets are fetched dynamically at runtime and written to the GITHUB_ENV file, they are not masked by default and may appear in logs if accidentally printed.
Full Changelog: https://github.com/devwithkrishna/terraform-azure-authentication-action/commits/v1.0.0