Add secret-masking frontmatter field for custom redaction steps (#2881)

Copilot · web-flow · commit cf222c2d092d · 2025-10-31T09:07:54.000-07:00
diff --git a/.github/workflows/shared/secret-redaction-test.md b/.github/workflows/shared/secret-redaction-test.md
@@ -0,0 +1,12 @@
+---
+secret-masking:
+  steps:
+    - name: Redact dummy password pattern
+      if: always()
+      run: |
+        echo "Searching for dummy password patterns in /tmp/gh-aw/"
+        find /tmp/gh-aw -type f -exec sed -i 's/password123/REDACTED/g' {} + 2>/dev/null || true
+        echo "Secret masking complete"
+---
+
+This shared workflow provides additional secret redaction steps to mask dummy password patterns in generated files.
diff --git a/.github/workflows/test-secret-masking.lock.yml b/.github/workflows/test-secret-masking.lock.yml
diff --git a/.github/workflows/test-secret-masking.md b/.github/workflows/test-secret-masking.md
@@ -0,0 +1,14 @@
+---
+on: workflow_dispatch
+permissions:
+  contents: read
+engine: copilot
+imports:
+  - shared/secret-redaction-test.md
+---
+
+# Test Secret Masking Workflow
+
+This workflow tests the secret-masking feature by importing custom secret redaction steps.
+
+The imported steps will search for and replace the pattern "password123" with "REDACTED" in all files under /tmp/gh-aw/.
diff --git a/docs/src/content/docs/reference/frontmatter-full.md b/docs/src/content/docs/reference/frontmatter-full.md
@@ -1740,6 +1740,14 @@ safe-outputs:
   # (optional)
   runs-on: "example-value"
 
+# Configuration for secret redaction behavior in workflow outputs and artifacts
+# (optional)
+secret-masking:
+  # Additional secret redaction steps to inject after the built-in secret redaction.
+  # Use this to mask secrets in generated files using custom patterns.
+  # (optional)
+  steps: []
+
 # Repository access roles required to trigger agentic workflows. Defaults to
 # ['admin', 'maintainer', 'write'] for security. Use 'all' to allow any
 # authenticated user (⚠️ security consideration).
diff --git a/docs/src/content/docs/status.mdx b/docs/src/content/docs/status.mdx
@@ -65,6 +65,7 @@ Browse the [workflow source files](https://github.com/githubnext/gh-aw/tree/main
 | [Test jqschema](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/test-jqschema.md) | copilot | [![Test jqschema](https://github.com/githubnext/gh-aw/actions/workflows/test-jqschema.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/test-jqschema.lock.yml) | - | - |
 | [Test Ollama Threat Scanning](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/test-ollama-threat-detection.md) | copilot | [![Test Ollama Threat Scanning](https://github.com/githubnext/gh-aw/actions/workflows/test-ollama-threat-detection.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/test-ollama-threat-detection.lock.yml) | - | - |
 | [Test Post-Steps Workflow](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/test-post-steps.md) | copilot | [![Test Post-Steps Workflow](https://github.com/githubnext/gh-aw/actions/workflows/test-post-steps.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/test-post-steps.lock.yml) | - | - |
+| [Test Secret Masking Workflow](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/test-secret-masking.md) | copilot | [![Test Secret Masking Workflow](https://github.com/githubnext/gh-aw/actions/workflows/test-secret-masking.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/test-secret-masking.lock.yml) | - | - |
 | [Test Svelte MCP](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/test-svelte.md) | copilot | [![Test Svelte MCP](https://github.com/githubnext/gh-aw/actions/workflows/test-svelte.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/test-svelte.lock.yml) | - | - |
 | [The Daily Repository Chronicle](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/daily-repo-chronicle.md) | copilot | [![The Daily Repository Chronicle](https://github.com/githubnext/gh-aw/actions/workflows/daily-repo-chronicle.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/daily-repo-chronicle.lock.yml) | `0 16 * * 1-5` | - |
 | [Tidy](https://github.com/githubnext/gh-aw/blob/main/.github/workflows/tidy.md) | copilot | [![Tidy](https://github.com/githubnext/gh-aw/actions/workflows/tidy.lock.yml/badge.svg)](https://github.com/githubnext/gh-aw/actions/workflows/tidy.lock.yml) | - | - |
diff --git a/pkg/parser/frontmatter.go b/pkg/parser/frontmatter.go
@@ -90,18 +90,19 @@ type FrontmatterResult struct {
 
 // ImportsResult holds the result of processing imports from frontmatter
 type ImportsResult struct {
-	MergedTools       string   // Merged tools configuration from all imports
-	MergedMCPServers  string   // Merged mcp-servers configuration from all imports
-	MergedEngines     []string // Merged engine configurations from all imports
-	MergedSafeOutputs []string // Merged safe-outputs configurations from all imports
-	MergedMarkdown    string   // Merged markdown content from all imports
-	MergedSteps       string   // Merged steps configuration from all imports
-	MergedRuntimes    string   // Merged runtimes configuration from all imports
-	MergedServices    string   // Merged services configuration from all imports
-	MergedNetwork     string   // Merged network configuration from all imports
-	MergedPermissions string   // Merged permissions configuration from all imports
-	ImportedFiles     []string // List of imported file paths (for manifest)
-	AgentFile         string   // Path to custom agent file (if imported)
+	MergedTools         string   // Merged tools configuration from all imports
+	MergedMCPServers    string   // Merged mcp-servers configuration from all imports
+	MergedEngines       []string // Merged engine configurations from all imports
+	MergedSafeOutputs   []string // Merged safe-outputs configurations from all imports
+	MergedMarkdown      string   // Merged markdown content from all imports
+	MergedSteps         string   // Merged steps configuration from all imports
+	MergedRuntimes      string   // Merged runtimes configuration from all imports
+	MergedServices      string   // Merged services configuration from all imports
+	MergedNetwork       string   // Merged network configuration from all imports
+	MergedPermissions   string   // Merged permissions configuration from all imports
+	MergedSecretMasking string   // Merged secret-masking steps from all imports
+	ImportedFiles       []string // List of imported file paths (for manifest)
+	AgentFile           string   // Path to custom agent file (if imported)
 }
 
 // ExtractFrontmatterFromContent parses YAML frontmatter from markdown content string
@@ -409,6 +410,7 @@ func ProcessImportsFromFrontmatterWithManifest(frontmatter map[string]any, baseD
 	var servicesBuilder strings.Builder
 	var networkBuilder strings.Builder
 	var permissionsBuilder strings.Builder
+	var secretMaskingBuilder strings.Builder
 	var engines []string
 	var safeOutputs []string
 	var processedFiles []string
@@ -550,21 +552,28 @@ func ProcessImportsFromFrontmatterWithManifest(frontmatter map[string]any, baseD
 		if err == nil && permissionsContent != "" && permissionsContent != "{}" {
 			permissionsBuilder.WriteString(permissionsContent + "\n")
 		}
+
+		// Extract secret-masking from imported file
+		secretMaskingContent, err := extractSecretMaskingFromContent(string(content))
+		if err == nil && secretMaskingContent != "" && secretMaskingContent != "{}" {
+			secretMaskingBuilder.WriteString(secretMaskingContent + "\n")
+		}
 	}
 
 	return &ImportsResult{
-		MergedTools:       toolsBuilder.String(),
-		MergedMCPServers:  mcpServersBuilder.String(),
-		MergedEngines:     engines,
-		MergedSafeOutputs: safeOutputs,
-		MergedMarkdown:    markdownBuilder.String(),
-		MergedSteps:       stepsBuilder.String(),
-		MergedRuntimes:    runtimesBuilder.String(),
-		MergedServices:    servicesBuilder.String(),
-		MergedNetwork:     networkBuilder.String(),
-		MergedPermissions: permissionsBuilder.String(),
-		ImportedFiles:     processedFiles,
-		AgentFile:         agentFile,
+		MergedTools:         toolsBuilder.String(),
+		MergedMCPServers:    mcpServersBuilder.String(),
+		MergedEngines:       engines,
+		MergedSafeOutputs:   safeOutputs,
+		MergedMarkdown:      markdownBuilder.String(),
+		MergedSteps:         stepsBuilder.String(),
+		MergedRuntimes:      runtimesBuilder.String(),
+		MergedServices:      servicesBuilder.String(),
+		MergedNetwork:       networkBuilder.String(),
+		MergedPermissions:   permissionsBuilder.String(),
+		MergedSecretMasking: secretMaskingBuilder.String(),
+		ImportedFiles:       processedFiles,
+		AgentFile:           agentFile,
 	}, nil
 }
 
@@ -1024,6 +1033,11 @@ func ExtractPermissionsFromContent(content string) (string, error) {
 	return extractFrontmatterField(content, "permissions", "{}")
 }
 
+// extractSecretMaskingFromContent extracts secret-masking section from frontmatter as JSON string
+func extractSecretMaskingFromContent(content string) (string, error) {
+	return extractFrontmatterField(content, "secret-masking", "{}")
+}
+
 // extractFrontmatterField extracts a specific field from frontmatter as JSON string
 func extractFrontmatterField(content, fieldName, emptyValue string) (string, error) {
 	result, err := ExtractFrontmatterFromContent(content)
diff --git a/pkg/parser/schemas/included_file_schema.json b/pkg/parser/schemas/included_file_schema.json
@@ -257,6 +257,21 @@
       },
       "additionalProperties": false
     },
+    "secret-masking": {
+      "type": "object",
+      "description": "Secret masking configuration to be merged with main workflow",
+      "properties": {
+        "steps": {
+          "type": "array",
+          "description": "Additional secret redaction steps to inject after the built-in secret redaction",
+          "items": {
+            "type": "object",
+            "additionalProperties": true
+          }
+        }
+      },
+      "additionalProperties": false
+    },
     "runtimes": {
       "type": "object",
       "description": "Runtime environment version overrides. Allows customizing runtime versions (e.g., Node.js, Python) or defining new runtimes. Merged with main workflow runtimes.",
diff --git a/pkg/parser/schemas/main_workflow_schema.json b/pkg/parser/schemas/main_workflow_schema.json
@@ -2904,6 +2904,28 @@
       },
       "additionalProperties": false
     },
+    "secret-masking": {
+      "type": "object",
+      "description": "Configuration for secret redaction behavior in workflow outputs and artifacts",
+      "properties": {
+        "steps": {
+          "type": "array",
+          "description": "Additional secret redaction steps to inject after the built-in secret redaction. Use this to mask secrets in generated files using custom patterns.",
+          "items": {
+            "$ref": "#/properties/githubActionsStep"
+          },
+          "examples": [
+            [
+              {
+                "name": "Redact custom secrets",
+                "run": "find /tmp/gh-aw -type f -exec sed -i 's/password123/REDACTED/g' {} +"
+              }
+            ]
+          ]
+        }
+      },
+      "additionalProperties": false
+    },
     "roles": {
       "description": "Repository access roles required to trigger agentic workflows. Defaults to ['admin', 'maintainer', 'write'] for security. Use 'all' to allow any authenticated user (\u26a0\ufe0f security consideration).",
       "oneOf": [
diff --git a/pkg/workflow/compiler.go b/pkg/workflow/compiler.go
@@ -170,26 +170,27 @@ type WorkflowData struct {
 	EngineConfig        *EngineConfig // Extended engine configuration
 	AgentFile           string        // Path to custom agent file (from imports)
 	StopTime            string
-	Command             string              // for /command trigger support
-	CommandEvents       []string            // events where command should be active (nil = all events)
-	CommandOtherEvents  map[string]any      // for merging command with other events
-	AIReaction          string              // AI reaction type like "eyes", "heart", etc.
-	Jobs                map[string]any      // custom job configurations with dependencies
-	Cache               string              // cache configuration
-	NeedsTextOutput     bool                // whether the workflow uses ${{ needs.task.outputs.text }}
-	NetworkPermissions  *NetworkPermissions // parsed network permissions
-	SafeOutputs         *SafeOutputsConfig  // output configuration for automatic output routes
-	Roles               []string            // permission levels required to trigger workflow
-	CacheMemoryConfig   *CacheMemoryConfig  // parsed cache-memory configuration
-	SafetyPrompt        bool                // whether to include XPIA safety prompt (default true)
-	Runtimes            map[string]any      // runtime version overrides from frontmatter
-	ToolsTimeout        int                 // timeout in seconds for tool/MCP operations (0 = use engine default)
-	GitHubToken         string              // top-level github-token expression from frontmatter
-	ToolsStartupTimeout int                 // timeout in seconds for MCP server startup (0 = use engine default)
-	Features            map[string]bool     // feature flags from frontmatter
-	ActionCache         *ActionCache        // cache for action pin resolutions
-	ActionResolver      *ActionResolver     // resolver for action pins
-	StrictMode          bool                // strict mode for action pinning
+	Command             string               // for /command trigger support
+	CommandEvents       []string             // events where command should be active (nil = all events)
+	CommandOtherEvents  map[string]any       // for merging command with other events
+	AIReaction          string               // AI reaction type like "eyes", "heart", etc.
+	Jobs                map[string]any       // custom job configurations with dependencies
+	Cache               string               // cache configuration
+	NeedsTextOutput     bool                 // whether the workflow uses ${{ needs.task.outputs.text }}
+	NetworkPermissions  *NetworkPermissions  // parsed network permissions
+	SafeOutputs         *SafeOutputsConfig   // output configuration for automatic output routes
+	Roles               []string             // permission levels required to trigger workflow
+	CacheMemoryConfig   *CacheMemoryConfig   // parsed cache-memory configuration
+	SafetyPrompt        bool                 // whether to include XPIA safety prompt (default true)
+	Runtimes            map[string]any       // runtime version overrides from frontmatter
+	ToolsTimeout        int                  // timeout in seconds for tool/MCP operations (0 = use engine default)
+	GitHubToken         string               // top-level github-token expression from frontmatter
+	ToolsStartupTimeout int                  // timeout in seconds for MCP server startup (0 = use engine default)
+	Features            map[string]bool      // feature flags from frontmatter
+	ActionCache         *ActionCache         // cache for action pin resolutions
+	ActionResolver      *ActionResolver      // resolver for action pins
+	StrictMode          bool                 // strict mode for action pinning
+	SecretMasking       *SecretMaskingConfig // secret masking configuration
 }
 
 // BaseSafeOutputConfig holds common configuration fields for all safe output types
@@ -223,6 +224,11 @@ type SafeOutputsConfig struct {
 	RunsOn                          string                                 `yaml:"runs-on,omitempty"`        // Runner configuration for safe-outputs jobs
 }
 
+// SecretMaskingConfig holds configuration for secret redaction behavior
+type SecretMaskingConfig struct {
+	Steps []map[string]any `yaml:"steps,omitempty"` // Additional secret redaction steps to inject after built-in redaction
+}
+
 // CompileWorkflow converts a markdown workflow to GitHub Actions YAML
 func (c *Compiler) CompileWorkflow(markdownPath string) error {
 	// Parse the markdown file
@@ -757,6 +763,17 @@ func (c *Compiler) ParseWorkflowFile(markdownPath string) (*WorkflowData, error)
 	// Extract SafeOutputs configuration early so we can use it when applying default tools
 	safeOutputs := c.extractSafeOutputsConfig(result.Frontmatter)
 
+	// Extract SecretMasking configuration
+	secretMasking := c.extractSecretMaskingConfig(result.Frontmatter)
+
+	// Merge secret-masking from imports with top-level secret-masking
+	if importsResult.MergedSecretMasking != "" {
+		secretMasking, err = c.MergeSecretMasking(secretMasking, importsResult.MergedSecretMasking)
+		if err != nil {
+			return nil, fmt.Errorf("failed to merge secret-masking: %w", err)
+		}
+	}
+
 	var tools map[string]any
 
 	// Extract tools from the main file
@@ -928,6 +945,7 @@ func (c *Compiler) ParseWorkflowFile(markdownPath string) (*WorkflowData, error)
 		TrialLogicalRepo:    c.trialLogicalRepoSlug,
 		GitHubToken:         extractStringValue(result.Frontmatter, "github-token"),
 		StrictMode:          c.strictMode,
+		SecretMasking:       secretMasking,
 	}
 
 	// Initialize action cache and resolver
diff --git a/pkg/workflow/compiler_yaml.go b/pkg/workflow/compiler_yaml.go
@@ -262,7 +262,7 @@ func (c *Compiler) generateMainJobSteps(yaml *strings.Builder, data *WorkflowDat
 
 	// Add secret redaction step BEFORE any artifact uploads
 	// This ensures all artifacts are scanned for secrets before being uploaded
-	c.generateSecretRedactionStep(yaml, yaml.String())
+	c.generateSecretRedactionStep(yaml, yaml.String(), data)
 
 	// Add output collection step only if safe-outputs feature is used (GH_AW_SAFE_OUTPUTS functionality)
 	if data.SafeOutputs != nil {
diff --git a/pkg/workflow/redact_secrets.go b/pkg/workflow/redact_secrets.go
diff --git a/pkg/workflow/secret_masking.go b/pkg/workflow/secret_masking.go
diff --git a/pkg/workflow/secret_masking_test.go b/pkg/workflow/secret_masking_test.go
