Credentials are being written to log output #2572
Description
When running digger with aws_role_to_assume, the temporary credentials, valid for 1 hour, are written in clear text to the log output, in lines all looking like the following:
time=2026-02-13T09:07:00.163Z level=INFO msg="Running OpenTofu command" command.binary=tofu command.args="[<tofu-command> -backend-config=access_key=<access-key> -backend-config=secret_key=<secret-key> -backend-config=token=<session-token> -input=false -no-color]" command.workingDir=/home/runner/work/<repo>/<repo>
Pleas mask the secret_key and the token, leaving the access_key open may help with debugging.