fix(secrets): prevent shell injection in secret key names and mask values

- Validate secret key names against alphanumeric allowlist before shell interpolation - Apply validation in both SecretSourceService.fetchSecret() and legacy queryOverride() - Mask fetched secret values with core.setSecret() to prevent log exposure - Add 20 new tests for validation and masking Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-06-01 06:16:14 -07:00 · 2026-03-05 12:55:18 +00:00
parent 7f895304f4
commit 1f3affe097
5 changed files with 642 additions and 41 deletions
--- a/dist/index.js
+++ b/dist/index.js
@@ -2243,6 +2243,9 @@ class OrchestratorOptions {
    static get pullInputList() {
        return OrchestratorOptions.getInput('pullInputList')?.split(`,`) || [];
    }
+    static get secretSource() {
+        return OrchestratorOptions.getInput('secretSource') || '';
+    }
    static get inputPullCommand() {
        const value = OrchestratorOptions.getInput('inputPullCommand');
        if (value === 'gcp-secret-manager') {
@@ -2364,13 +2367,39 @@ exports["default"] = OrchestratorOptions;

 "use strict";

+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
 var __importDefault = (this && this.__importDefault) || function (mod) {
    return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", ({ value: true }));
+const core = __importStar(__nccwpck_require__(42186));
 const input_1 = __importDefault(__nccwpck_require__(91933));
 const generic_input_reader_1 = __nccwpck_require__(2263);
 const orchestrator_options_1 = __importDefault(__nccwpck_require__(82473));
+const secret_source_service_1 = __nccwpck_require__(79089);
+const orchestrator_logger_1 = __importDefault(__nccwpck_require__(32549));
 const formatFunction = (value, arguments_) => {
    for (const element of arguments_) {
        value = value.replace(`{${element.key}}`, element.value);
@@ -2378,7 +2407,6 @@ const formatFunction = (value, arguments_) => {
    return value;
 };
 class OrchestratorQueryOverride {
-    // TODO accept premade secret sources or custom secret source definition yamls
    static query(key, alternativeKey) {
        if (OrchestratorQueryOverride.queryOverrides && OrchestratorQueryOverride.queryOverrides[key] !== undefined) {
            return OrchestratorQueryOverride.queryOverrides[key];
@@ -2406,11 +2434,49 @@ class OrchestratorQueryOverride {
        if (!this.shouldUseOverride(query)) {
            throw new Error(`Should not be trying to run override query on ${query}`);
        }
-        return await generic_input_reader_1.GenericInputReader.Run(formatFunction(orchestrator_options_1.default.inputPullCommand, [{ key: 0, value: query }]));
+        // Validate the query key before interpolating it into a shell command
+        (0, secret_source_service_1.validateSecretKey)(query);
+        const result = await generic_input_reader_1.GenericInputReader.Run(formatFunction(orchestrator_options_1.default.inputPullCommand, [{ key: 0, value: query }]));
+        // Mask the fetched secret value so it does not appear in GitHub Actions logs
+        if (result && result.trim().length > 0) {
+            core.setSecret(result);
+        }
+        return result;
    }
+    /**
+     * Populate query overrides using either:
+     * 1. Premade/custom secret sources (via secretSource input), or
+     * 2. Shell command (via inputPullCommand, legacy approach)
+     *
+     * The secretSource input takes precedence if set. It supports:
+     * - Premade names: 'aws-secrets-manager', 'aws-parameter-store', 'gcp-secret-manager', 'azure-key-vault', 'env'
+     * - Custom commands: any string containing {0} placeholder
+     * - YAML file path: a path ending in .yml or .yaml containing custom source definitions
+     */
    static async PopulateQueryOverrideInput() {
        const queries = orchestrator_options_1.default.pullInputList;
        OrchestratorQueryOverride.queryOverrides = {};
+        const secretSource = orchestrator_options_1.default.secretSource;
+        // Use SecretSourceService if secretSource is configured
+        if (secretSource) {
+            orchestrator_logger_1.default.log(`Using secret source: ${secretSource}`);
+            // YAML file: load definitions and use the first source
+            if (secretSource.endsWith('.yml') || secretSource.endsWith('.yaml')) {
+                const definitions = secret_source_service_1.SecretSourceService.loadFromYaml(secretSource);
+                if (definitions.length > 0) {
+                    orchestrator_logger_1.default.log(`Loaded ${definitions.length} secret source(s) from ${secretSource}`);
+                    for (const key of queries) {
+                        OrchestratorQueryOverride.queryOverrides[key] = await secret_source_service_1.SecretSourceService.fetchSecret(definitions[0], key);
+                    }
+                }
+                return;
+            }
+            // Premade or custom command source
+            const results = await secret_source_service_1.SecretSourceService.fetchAll(secretSource, queries);
+            Object.assign(OrchestratorQueryOverride.queryOverrides, results);
+            return;
+        }
+        // Legacy: use inputPullCommand if set
        for (const element of queries) {
            if (OrchestratorQueryOverride.shouldUseOverride(element)) {
                OrchestratorQueryOverride.queryOverrides[element] = await OrchestratorQueryOverride.queryOverride(element);
@@ -9632,6 +9698,333 @@ class ContainerHookService {
 exports.ContainerHookService = ContainerHookService;


+/***/ }),
+
+/***/ 79089:
+/***/ (function(__unused_webpack_module, exports, __nccwpck_require__) {
+
+"use strict";
+
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || function (mod) {
+    if (mod && mod.__esModule) return mod;
+    var result = {};
+    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
+    __setModuleDefault(result, mod);
+    return result;
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", ({ value: true }));
+exports.SecretSourceService = exports.validateSecretKey = void 0;
+const node_fs_1 = __importDefault(__nccwpck_require__(87561));
+const core = __importStar(__nccwpck_require__(42186));
+const orchestrator_logger_1 = __importDefault(__nccwpck_require__(32549));
+const orchestrator_system_1 = __nccwpck_require__(9744);
+/**
+ * Validate that a secret key name contains only safe characters.
+ * Prevents shell injection when keys are interpolated into commands.
+ *
+ * Allowed characters: alphanumeric, hyphens, underscores, dots, forward slashes.
+ *
+ * @param key - The secret key name to validate
+ * @returns The validated key (unchanged)
+ * @throws Error if the key contains disallowed characters
+ */
+function validateSecretKey(key) {
+    if (!/^[a-zA-Z0-9\-_./]+$/.test(key)) {
+        throw new Error(`Invalid secret key name: "${key}". Keys may only contain alphanumeric characters, hyphens, underscores, dots, and forward slashes.`);
+    }
+    return key;
+}
+exports.validateSecretKey = validateSecretKey;
+/**
+ * Mask a secret value so it does not appear in GitHub Actions logs.
+ * Empty or whitespace-only values are skipped (core.setSecret would be a no-op).
+ */
+function maskSecretValue(value) {
+    if (value.trim().length > 0) {
+        core.setSecret(value);
+    }
+}
+/**
+ * Premade secret sources and custom YAML-based secret source definitions.
+ *
+ * Premade sources are string shortcuts that expand to shell commands:
+ *   - `aws-secrets-manager` -- AWS Secrets Manager
+ *   - `aws-parameter-store` -- AWS Systems Manager Parameter Store
+ *   - `gcp-secret-manager` -- Google Cloud Secret Manager
+ *   - `azure-key-vault` -- Azure Key Vault (requires AZURE_VAULT_NAME env var)
+ *   - `hashicorp-vault` -- HashiCorp Vault KV v2 (requires VAULT_ADDR, optionally VAULT_MOUNT)
+ *   - `hashicorp-vault-kv1` -- HashiCorp Vault KV v1 (requires VAULT_ADDR, optionally VAULT_MOUNT)
+ *   - `env` -- Read from environment variables (no shell command needed)
+ *
+ * Custom YAML format:
+ *   sources:
+ *     - name: my-vault
+ *       command: 'vault kv get -field=value secret/{0}'
+ *     - name: my-api
+ *       command: 'curl -s https://secrets.example.com/api/{0}'
+ *       parseOutput: json-field
+ *       jsonField: value
+ */
+class SecretSourceService {
+    /**
+     * Check if a source name is a known premade source.
+     */
+    static isPremadeSource(sourceName) {
+        return sourceName in SecretSourceService.premadeSources;
+    }
+    /**
+     * Get the list of available premade source names.
+     */
+    static getAvailableSources() {
+        return Object.keys(SecretSourceService.premadeSources);
+    }
+    /**
+     * Resolve a source name to a SecretSourceDefinition.
+     *
+     * - If the name matches a premade source, returns that definition.
+     * - If it looks like a shell command (contains spaces or {0}), wraps it as a custom command.
+     * - Otherwise, returns undefined.
+     */
+    static resolveSource(sourceName) {
+        // Check premade sources
+        if (SecretSourceService.isPremadeSource(sourceName)) {
+            return SecretSourceService.premadeSources[sourceName];
+        }
+        // If it contains a placeholder or spaces, treat it as a raw command
+        if (sourceName.includes('{0}') || sourceName.includes(' ')) {
+            return {
+                name: 'custom-command',
+                command: sourceName,
+                parseOutput: 'raw',
+            };
+        }
+        return undefined;
+    }
+    /**
+     * Load custom secret source definitions from a YAML file.
+     *
+     * Expected format:
+     *   sources:
+     *     - name: my-source
+     *       command: 'my-tool get-secret {0}'
+     *     - name: my-api
+     *       command: 'curl -s https://api.example.com/secrets/{0}'
+     *       parseOutput: json-field
+     *       jsonField: value
+     */
+    static loadFromYaml(filePath) {
+        if (!node_fs_1.default.existsSync(filePath)) {
+            orchestrator_logger_1.default.logWarning(`Secret source YAML not found: ${filePath}`);
+            return [];
+        }
+        try {
+            const content = node_fs_1.default.readFileSync(filePath, 'utf8');
+            const parsed = SecretSourceService.parseSimpleYaml(content);
+            return parsed;
+        }
+        catch (error) {
+            orchestrator_logger_1.default.logWarning(`Failed to parse secret source YAML: ${error.message}`);
+            return [];
+        }
+    }
+    /**
+     * Fetch a secret value using the given source definition.
+     *
+     * Validates the key against an allowlist pattern before interpolating it
+     * into the command string to prevent shell injection. The fetched secret
+     * value is masked via core.setSecret() so it does not leak in logs.
+     *
+     * @param source - The secret source definition to use
+     * @param key - The secret key to fetch
+     * @returns The secret value, or empty string on failure
+     */
+    static async fetchSecret(source, key) {
+        // Validate the key to prevent shell injection
+        validateSecretKey(key);
+        const command = source.command.replace(/\{0\}/g, key);
+        try {
+            const output = await orchestrator_system_1.OrchestratorSystem.Run(command, false, true);
+            let value;
+            if (source.parseOutput === 'json-field' && source.jsonField) {
+                try {
+                    const parsed = JSON.parse(output);
+                    value = parsed[source.jsonField] || '';
+                }
+                catch {
+                    orchestrator_logger_1.default.logWarning(`Failed to parse JSON output from ${source.name} for key ${key}`);
+                    value = output.trim();
+                }
+            }
+            else {
+                value = output.trim();
+            }
+            // Mask the secret value so it does not appear in GitHub Actions logs
+            maskSecretValue(value);
+            return value;
+        }
+        catch (error) {
+            orchestrator_logger_1.default.logWarning(`Failed to fetch secret '${key}' from ${source.name}: ${error.message}`);
+            return '';
+        }
+    }
+    /**
+     * Fetch a secret from an environment variable. No shell command needed.
+     * The value is masked via core.setSecret() so it does not leak in logs.
+     */
+    static fetchFromEnv(key) {
+        const value = process.env[key] || '';
+        maskSecretValue(value);
+        return value;
+    }
+    /**
+     * Resolve a source name and fetch all secrets from it.
+     *
+     * @param sourceName - Premade source name, shell command, or 'env'
+     * @param keys - List of secret keys to fetch
+     * @returns Map of key -> value
+     */
+    static async fetchAll(sourceName, keys) {
+        const results = {};
+        if (sourceName === 'env') {
+            for (const key of keys) {
+                results[key] = SecretSourceService.fetchFromEnv(key);
+            }
+            return results;
+        }
+        const source = SecretSourceService.resolveSource(sourceName);
+        if (!source) {
+            orchestrator_logger_1.default.logWarning(`Unknown secret source '${sourceName}'. Available sources: ${SecretSourceService.getAvailableSources().join(', ')}`);
+            return results;
+        }
+        orchestrator_logger_1.default.log(`Fetching ${keys.length} secret(s) from ${source.name}`);
+        for (const key of keys) {
+            results[key] = await SecretSourceService.fetchSecret(source, key);
+        }
+        return results;
+    }
+    /**
+     * Simple YAML parser for secret source definitions.
+     * Handles the specific structure we expect without requiring a YAML library.
+     */
+    static parseSimpleYaml(content) {
+        const definitions = [];
+        const lines = content.split('\n');
+        let current = null;
+        for (const rawLine of lines) {
+            const line = rawLine.replace(/\r$/, '');
+            const trimmed = line.trim();
+            if (trimmed === '' || trimmed.startsWith('#'))
+                continue;
+            if (trimmed === '- name:' || trimmed.startsWith('- name:')) {
+                if (current?.name && current?.command) {
+                    definitions.push(current);
+                }
+                current = {
+                    name: trimmed
+                        .replace('- name:', '')
+                        .trim()
+                        .replace(/^['"]|['"]$/g, ''),
+                    parseOutput: 'raw',
+                };
+                continue;
+            }
+            if (current && trimmed.startsWith('command:')) {
+                current.command = trimmed
+                    .replace('command:', '')
+                    .trim()
+                    .replace(/^['"]|['"]$/g, '');
+            }
+            else if (current && trimmed.startsWith('parseOutput:')) {
+                const value = trimmed
+                    .replace('parseOutput:', '')
+                    .trim()
+                    .replace(/^['"]|['"]$/g, '');
+                current.parseOutput = value;
+            }
+            else if (current && trimmed.startsWith('jsonField:')) {
+                current.jsonField = trimmed
+                    .replace('jsonField:', '')
+                    .trim()
+                    .replace(/^['"]|['"]$/g, '');
+            }
+        }
+        if (current?.name && current?.command) {
+            definitions.push(current);
+        }
+        return definitions;
+    }
+}
+exports.SecretSourceService = SecretSourceService;
+SecretSourceService.premadeSources = {
+    'aws-secrets-manager': {
+        name: 'aws-secrets-manager',
+        command: 'aws secretsmanager get-secret-value --secret-id {0} --query SecretString --output text',
+        parseOutput: 'raw',
+    },
+    'aws-secret-manager': {
+        // Alias for backward compatibility (original name in inputPullCommand)
+        name: 'aws-secret-manager',
+        command: 'aws secretsmanager get-secret-value --secret-id {0} --query SecretString --output text',
+        parseOutput: 'raw',
+    },
+    'aws-parameter-store': {
+        name: 'aws-parameter-store',
+        command: 'aws ssm get-parameter --name {0} --with-decryption --query Parameter.Value --output text',
+        parseOutput: 'raw',
+    },
+    'gcp-secret-manager': {
+        name: 'gcp-secret-manager',
+        command: 'gcloud secrets versions access latest --secret="{0}"',
+        parseOutput: 'raw',
+    },
+    'azure-key-vault': {
+        name: 'azure-key-vault',
+        command: 'az keyvault secret show --vault-name "$AZURE_VAULT_NAME" --name {0} --query value --output tsv',
+        parseOutput: 'raw',
+    },
+    'hashicorp-vault': {
+        // HashiCorp Vault KV v2 (default). Requires VAULT_ADDR env var.
+        // Optionally set VAULT_MOUNT to override the mount path (default: 'secret').
+        // Authentication is handled by VAULT_TOKEN or other Vault auth env vars.
+        name: 'hashicorp-vault',
+        command: 'vault kv get -mount="${VAULT_MOUNT:-secret}" -field=value {0}',
+        parseOutput: 'raw',
+    },
+    'hashicorp-vault-kv1': {
+        // HashiCorp Vault KV v1. Requires VAULT_ADDR env var.
+        // Optionally set VAULT_MOUNT to override the mount path (default: 'secret').
+        name: 'hashicorp-vault-kv1',
+        command: 'vault read -mount="${VAULT_MOUNT:-secret}" -field=value {0}',
+        parseOutput: 'raw',
+    },
+    vault: {
+        // Short alias for hashicorp-vault (KV v2)
+        name: 'vault',
+        command: 'vault kv get -mount="${VAULT_MOUNT:-secret}" -field=value {0}',
+        parseOutput: 'raw',
+    },
+};
+
+
 /***/ }),

 /***/ 23451:
--- a/dist/index.js.map
+++ b/dist/index.js.map
--- a/src/model/orchestrator/options/orchestrator-query-override.ts
+++ b/src/model/orchestrator/options/orchestrator-query-override.ts
@@ -1,7 +1,8 @@
+import * as core from '@actions/core';
 import Input from '../../input';
 import { GenericInputReader } from '../../input-readers/generic-input-reader';
 import OrchestratorOptions from './orchestrator-options';
-import { SecretSourceService } from '../services/secrets/secret-source-service';
+import { SecretSourceService, validateSecretKey } from '../services/secrets/secret-source-service';
 import OrchestratorLogger from '../services/core/orchestrator-logger';

 const formatFunction = (value: string, arguments_: any[]) => {
@@ -49,9 +50,19 @@ class OrchestratorQueryOverride {
      throw new Error(`Should not be trying to run override query on ${query}`);
    }

-    return await GenericInputReader.Run(
+    // Validate the query key before interpolating it into a shell command
+    validateSecretKey(query);
+
+    const result = await GenericInputReader.Run(
      formatFunction(OrchestratorOptions.inputPullCommand, [{ key: 0, value: query }]),
    );
+
+    // Mask the fetched secret value so it does not appear in GitHub Actions logs
+    if (result && result.trim().length > 0) {
+      core.setSecret(result);
+    }
+
+    return result;
  }

  /**
@@ -80,10 +91,7 @@ class OrchestratorQueryOverride {
        if (definitions.length > 0) {
          OrchestratorLogger.log(`Loaded ${definitions.length} secret source(s) from ${secretSource}`);
          for (const key of queries) {
-            OrchestratorQueryOverride.queryOverrides[key] = await SecretSourceService.fetchSecret(
-              definitions[0],
-              key,
-            );
+            OrchestratorQueryOverride.queryOverrides[key] = await SecretSourceService.fetchSecret(definitions[0], key);
          }
        }

--- a/src/model/orchestrator/services/secrets/secret-source-service.test.ts
+++ b/src/model/orchestrator/services/secrets/secret-source-service.test.ts
@@ -1,7 +1,14 @@
 import fs from 'node:fs';
-import { SecretSourceService } from './secret-source-service';
+import * as core from '@actions/core';
+import { SecretSourceService, validateSecretKey } from './secret-source-service';

 jest.mock('node:fs');
+jest.mock('@actions/core', () => ({
+  setSecret: jest.fn(),
+  info: jest.fn(),
+  warning: jest.fn(),
+  error: jest.fn(),
+}));
 jest.mock('../core/orchestrator-system', () => ({
  OrchestratorSystem: {
    Run: jest.fn().mockResolvedValue(''),
@@ -23,6 +30,69 @@ describe('SecretSourceService', () => {
    jest.clearAllMocks();
  });

+  describe('validateSecretKey', () => {
+    it('should accept alphanumeric keys', () => {
+      expect(validateSecretKey('MY_SECRET_KEY')).toBe('MY_SECRET_KEY');
+    });
+
+    it('should accept keys with hyphens', () => {
+      expect(validateSecretKey('my-secret-key')).toBe('my-secret-key');
+    });
+
+    it('should accept keys with dots', () => {
+      expect(validateSecretKey('my.secret.key')).toBe('my.secret.key');
+    });
+
+    it('should accept keys with forward slashes', () => {
+      expect(validateSecretKey('path/to/secret')).toBe('path/to/secret');
+    });
+
+    it('should accept keys with mixed valid characters', () => {
+      expect(validateSecretKey('my-app/prod_db.password')).toBe('my-app/prod_db.password');
+    });
+
+    it('should reject keys with semicolons (shell injection)', () => {
+      expect(() => validateSecretKey('; rm -rf /')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with backticks (command substitution)', () => {
+      expect(() => validateSecretKey('`whoami`')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with dollar signs (variable expansion)', () => {
+      expect(() => validateSecretKey('$HOME')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with pipe characters', () => {
+      expect(() => validateSecretKey('key | cat /etc/passwd')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with ampersands', () => {
+      expect(() => validateSecretKey('key && echo pwned')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with newlines', () => {
+      expect(() => validateSecretKey('key\nmalicious')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with quotes', () => {
+      expect(() => validateSecretKey('"key"')).toThrow('Invalid secret key name');
+      expect(() => validateSecretKey("'key'")).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with parentheses (subshell)', () => {
+      expect(() => validateSecretKey('$(whoami)')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject empty keys', () => {
+      expect(() => validateSecretKey('')).toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with spaces', () => {
+      expect(() => validateSecretKey('key with spaces')).toThrow('Invalid secret key name');
+    });
+  });
+
  describe('isPremadeSource', () => {
    it('should return true for aws-secrets-manager', () => {
      expect(SecretSourceService.isPremadeSource('aws-secrets-manager')).toBe(true);
@@ -111,11 +181,7 @@ describe('SecretSourceService', () => {
      const result = await SecretSourceService.fetchSecret(source, 'MY_SECRET');

      expect(result).toBe('my-secret-value');
-      expect(OrchestratorSystem.Run).toHaveBeenCalledWith(
-        expect.stringContaining('MY_SECRET'),
-        false,
-        true,
-      );
+      expect(OrchestratorSystem.Run).toHaveBeenCalledWith(expect.stringContaining('MY_SECRET'), false, true);
    });

    it('should parse JSON output when parseOutput is json-field', async () => {
@@ -157,6 +223,71 @@ describe('SecretSourceService', () => {

      expect(result).toBe('');
    });
+
+    it('should reject keys with shell injection characters', async () => {
+      const source = SecretSourceService.resolveSource('aws-secrets-manager')!;
+
+      await expect(SecretSourceService.fetchSecret(source, '; rm -rf /')).rejects.toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with command substitution', async () => {
+      const source = SecretSourceService.resolveSource('aws-secrets-manager')!;
+
+      await expect(SecretSourceService.fetchSecret(source, '$(whoami)')).rejects.toThrow('Invalid secret key name');
+    });
+
+    it('should reject keys with backtick command substitution', async () => {
+      const source = SecretSourceService.resolveSource('aws-secrets-manager')!;
+
+      await expect(SecretSourceService.fetchSecret(source, '`cat /etc/passwd`')).rejects.toThrow(
+        'Invalid secret key name',
+      );
+    });
+
+    it('should accept keys with valid path-like patterns', async () => {
+      const { OrchestratorSystem } = require('../core/orchestrator-system');
+      OrchestratorSystem.Run.mockResolvedValue('secret-value');
+
+      const source = SecretSourceService.resolveSource('aws-secrets-manager')!;
+      const result = await SecretSourceService.fetchSecret(source, 'prod/database/password');
+
+      expect(result).toBe('secret-value');
+    });
+
+    it('should mask fetched secret values with core.setSecret', async () => {
+      const { OrchestratorSystem } = require('../core/orchestrator-system');
+      OrchestratorSystem.Run.mockResolvedValue('super-secret-value');
+
+      const source = SecretSourceService.resolveSource('aws-secrets-manager')!;
+      await SecretSourceService.fetchSecret(source, 'MY_SECRET');
+
+      expect(core.setSecret).toHaveBeenCalledWith('super-secret-value');
+    });
+
+    it('should not mask empty secret values', async () => {
+      const { OrchestratorSystem } = require('../core/orchestrator-system');
+      OrchestratorSystem.Run.mockResolvedValue('');
+
+      const source = SecretSourceService.resolveSource('aws-secrets-manager')!;
+      await SecretSourceService.fetchSecret(source, 'MY_SECRET');
+
+      expect(core.setSecret).not.toHaveBeenCalled();
+    });
+
+    it('should mask JSON-extracted secret values', async () => {
+      const { OrchestratorSystem } = require('../core/orchestrator-system');
+      OrchestratorSystem.Run.mockResolvedValue(JSON.stringify({ value: 'json-secret' }));
+
+      const source = {
+        name: 'test-source',
+        command: 'fetch {0}',
+        parseOutput: 'json-field' as const,
+        jsonField: 'value',
+      };
+      await SecretSourceService.fetchSecret(source, 'KEY');
+
+      expect(core.setSecret).toHaveBeenCalledWith('json-secret');
+    });
  });

  describe('fetchFromEnv', () => {
@@ -171,6 +302,19 @@ describe('SecretSourceService', () => {
      const result = SecretSourceService.fetchFromEnv('NONEXISTENT_KEY_12345');
      expect(result).toBe('');
    });
+
+    it('should mask env var values with core.setSecret', () => {
+      process.env.TEST_MASK_KEY = 'masked-env-value';
+      SecretSourceService.fetchFromEnv('TEST_MASK_KEY');
+      expect(core.setSecret).toHaveBeenCalledWith('masked-env-value');
+      delete process.env.TEST_MASK_KEY;
+    });
+
+    it('should not mask empty env var values', () => {
+      const result = SecretSourceService.fetchFromEnv('NONEXISTENT_KEY_99999');
+      expect(result).toBe('');
+      expect(core.setSecret).not.toHaveBeenCalled();
+    });
  });

  describe('fetchAll', () => {
@@ -189,9 +333,7 @@ describe('SecretSourceService', () => {

    it('should fetch all keys from premade source', async () => {
      const { OrchestratorSystem } = require('../core/orchestrator-system');
-      OrchestratorSystem.Run
-        .mockResolvedValueOnce('secret-1')
-        .mockResolvedValueOnce('secret-2');
+      OrchestratorSystem.Run.mockResolvedValueOnce('secret-1').mockResolvedValueOnce('secret-2');

      const results = await SecretSourceService.fetchAll('aws-parameter-store', ['param1', 'param2']);

--- a/src/model/orchestrator/services/secrets/secret-source-service.ts
+++ b/src/model/orchestrator/services/secrets/secret-source-service.ts
@@ -1,4 +1,5 @@
 import fs from 'node:fs';
+import * as core from '@actions/core';
 import OrchestratorLogger from '../core/orchestrator-logger';
 import { OrchestratorSystem } from '../core/orchestrator-system';

@@ -12,17 +13,47 @@ export interface SecretSourceDefinition {
  jsonField?: string;
 }

+/**
+ * Validate that a secret key name contains only safe characters.
+ * Prevents shell injection when keys are interpolated into commands.
+ *
+ * Allowed characters: alphanumeric, hyphens, underscores, dots, forward slashes.
+ *
+ * @param key - The secret key name to validate
+ * @returns The validated key (unchanged)
+ * @throws Error if the key contains disallowed characters
+ */
+export function validateSecretKey(key: string): string {
+  if (!/^[a-zA-Z0-9\-_./]+$/.test(key)) {
+    throw new Error(
+      `Invalid secret key name: "${key}". Keys may only contain alphanumeric characters, hyphens, underscores, dots, and forward slashes.`,
+    );
+  }
+
+  return key;
+}
+
+/**
+ * Mask a secret value so it does not appear in GitHub Actions logs.
+ * Empty or whitespace-only values are skipped (core.setSecret would be a no-op).
+ */
+function maskSecretValue(value: string): void {
+  if (value.trim().length > 0) {
+    core.setSecret(value);
+  }
+}
+
 /**
 * Premade secret sources and custom YAML-based secret source definitions.
 *
 * Premade sources are string shortcuts that expand to shell commands:
- *   - `aws-secrets-manager` — AWS Secrets Manager
- *   - `aws-parameter-store` — AWS Systems Manager Parameter Store
- *   - `gcp-secret-manager` — Google Cloud Secret Manager
- *   - `azure-key-vault` — Azure Key Vault (requires AZURE_VAULT_NAME env var)
- *   - `hashicorp-vault` — HashiCorp Vault KV v2 (requires VAULT_ADDR, optionally VAULT_MOUNT)
- *   - `hashicorp-vault-kv1` — HashiCorp Vault KV v1 (requires VAULT_ADDR, optionally VAULT_MOUNT)
- *   - `env` — Read from environment variables (no shell command needed)
+ *   - `aws-secrets-manager` -- AWS Secrets Manager
+ *   - `aws-parameter-store` -- AWS Systems Manager Parameter Store
+ *   - `gcp-secret-manager` -- Google Cloud Secret Manager
+ *   - `azure-key-vault` -- Azure Key Vault (requires AZURE_VAULT_NAME env var)
+ *   - `hashicorp-vault` -- HashiCorp Vault KV v2 (requires VAULT_ADDR, optionally VAULT_MOUNT)
+ *   - `hashicorp-vault-kv1` -- HashiCorp Vault KV v1 (requires VAULT_ADDR, optionally VAULT_MOUNT)
+ *   - `env` -- Read from environment variables (no shell command needed)
 *
 * Custom YAML format:
 *   sources:
@@ -76,7 +107,7 @@ export class SecretSourceService {
      command: 'vault read -mount="${VAULT_MOUNT:-secret}" -field=value {0}',
      parseOutput: 'raw',
    },
-    'vault': {
+    vault: {
      // Short alias for hashicorp-vault (KV v2)
      name: 'vault',
      command: 'vault kv get -mount="${VAULT_MOUNT:-secret}" -field=value {0}',
@@ -157,29 +188,41 @@ export class SecretSourceService {
  /**
   * Fetch a secret value using the given source definition.
   *
+   * Validates the key against an allowlist pattern before interpolating it
+   * into the command string to prevent shell injection. The fetched secret
+   * value is masked via core.setSecret() so it does not leak in logs.
+   *
   * @param source - The secret source definition to use
   * @param key - The secret key to fetch
   * @returns The secret value, or empty string on failure
   */
  static async fetchSecret(source: SecretSourceDefinition, key: string): Promise<string> {
+    // Validate the key to prevent shell injection
+    validateSecretKey(key);
+
    const command = source.command.replace(/\{0\}/g, key);

    try {
      const output = await OrchestratorSystem.Run(command, false, true);

+      let value: string;
+
      if (source.parseOutput === 'json-field' && source.jsonField) {
        try {
          const parsed = JSON.parse(output);
-
-          return parsed[source.jsonField] || '';
+          value = parsed[source.jsonField] || '';
        } catch {
          OrchestratorLogger.logWarning(`Failed to parse JSON output from ${source.name} for key ${key}`);
-
-          return output.trim();
+          value = output.trim();
        }
+      } else {
+        value = output.trim();
      }

-      return output.trim();
+      // Mask the secret value so it does not appear in GitHub Actions logs
+      maskSecretValue(value);
+
+      return value;
    } catch (error: any) {
      OrchestratorLogger.logWarning(`Failed to fetch secret '${key}' from ${source.name}: ${error.message}`);

@@ -189,9 +232,13 @@ export class SecretSourceService {

  /**
   * Fetch a secret from an environment variable. No shell command needed.
+   * The value is masked via core.setSecret() so it does not leak in logs.
   */
  static fetchFromEnv(key: string): string {
-    return process.env[key] || '';
+    const value = process.env[key] || '';
+    maskSecretValue(value);
+
+    return value;
  }

  /**
@@ -201,10 +248,7 @@ export class SecretSourceService {
   * @param keys - List of secret keys to fetch
   * @returns Map of key -> value
   */
-  static async fetchAll(
-    sourceName: string,
-    keys: string[],
-  ): Promise<Record<string, string>> {
+  static async fetchAll(sourceName: string, keys: string[]): Promise<Record<string, string>> {
    const results: Record<string, string> = {};

    if (sourceName === 'env') {
@@ -218,7 +262,9 @@ export class SecretSourceService {
    const source = SecretSourceService.resolveSource(sourceName);
    if (!source) {
      OrchestratorLogger.logWarning(
-        `Unknown secret source '${sourceName}'. Available sources: ${SecretSourceService.getAvailableSources().join(', ')}`,
+        `Unknown secret source '${sourceName}'. Available sources: ${SecretSourceService.getAvailableSources().join(
+          ', ',
+        )}`,
      );

      return results;
@@ -254,19 +300,31 @@ export class SecretSourceService {
        }

        current = {
-          name: trimmed.replace('- name:', '').trim().replace(/^['"]|['"]$/g, ''),
+          name: trimmed
+            .replace('- name:', '')
+            .trim()
+            .replace(/^['"]|['"]$/g, ''),
          parseOutput: 'raw',
        };
        continue;
      }

      if (current && trimmed.startsWith('command:')) {
-        current.command = trimmed.replace('command:', '').trim().replace(/^['"]|['"]$/g, '');
+        current.command = trimmed
+          .replace('command:', '')
+          .trim()
+          .replace(/^['"]|['"]$/g, '');
      } else if (current && trimmed.startsWith('parseOutput:')) {
-        const value = trimmed.replace('parseOutput:', '').trim().replace(/^['"]|['"]$/g, '');
+        const value = trimmed
+          .replace('parseOutput:', '')
+          .trim()
+          .replace(/^['"]|['"]$/g, '');
        current.parseOutput = value as 'raw' | 'json-field';
      } else if (current && trimmed.startsWith('jsonField:')) {
-        current.jsonField = trimmed.replace('jsonField:', '').trim().replace(/^['"]|['"]$/g, '');
+        current.jsonField = trimmed
+          .replace('jsonField:', '')
+          .trim()
+          .replace(/^['"]|['"]$/g, '');
      }
    }