From c437a1d907c25c9986ea288aa0f5afbea252cb7e Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 20:00:52 +0000
Subject: [PATCH 1/2] Initial plan

From c00151701d957fc29733d7243a199fd0df6c8d3f Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 12 Feb 2026 20:07:56 +0000
Subject: [PATCH 2/2] Reduce minimum secret length to 6 characters in redact_secrets.cjs

Co-authored-by: pelikhan <4175913+pelikhan@users.noreply.github.com>
---
 actions/setup/js/redact_secrets.cjs | 2 +-
 actions/setup/js/redact_secrets.test.cjs | 13 ++++++++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/actions/setup/js/redact_secrets.cjs b/actions/setup/js/redact_secrets.cjs
index 882a90d6f4..b4e556613f 100644
--- a/actions/setup/js/redact_secrets.cjs
+++ b/actions/setup/js/redact_secrets.cjs
@@ -114,7 +114,7 @@ function redactSecrets(content, secretValues) {
 const sortedSecrets = secretValues.slice().sort((a, b) => b.length - a.length);
 for (const secretValue of sortedSecrets) {
 // Skip empty or very short values (likely not actual secrets)
- if (!secretValue || secretValue.length < 8) {
+ if (!secretValue || secretValue.length < 6) {
 continue;
 }
 // Count occurrences before replacement
diff --git a/actions/setup/js/redact_secrets.test.cjs b/actions/setup/js/redact_secrets.test.cjs
index a49f7dc58c..898370aa00 100644
--- a/actions/setup/js/redact_secrets.test.cjs
+++ b/actions/setup/js/redact_secrets.test.cjs
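Review bot: Values of one to five characters still reach the `continue` in `redactSecrets` with no trace, so a configured secret that short stays in the scanned content and nothing tells the operator; the kept comment's "(likely not actual secrets)" is an assumption, not a check. Counting the skipped values and emitting a single warning with that count (never the values themselves) would make the gap visible. The bare `6` would read better as a named constant, e.g. `const MIN_SECRET_LENGTH = 6;`, with the comment reworded to `// Values shorter than MIN_SECRET_LENGTH are left unredacted`. If the replacement further down is a plain substring match, a six-character floor also makes accidental hits on ordinary text more likely than eight did; the rest of the function body is outside this hunk.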
@@ -95,11 +95,18 @@ describe("redact_secrets.cjs", () => {
 expect(callString).not.toContain(secretValue);
 }
 }),
- it("should skip very short values", async () => {
+ it("should skip very short values (less than 6 characters)", async () => {
 const testFile = path.join(tempDir, "test.txt");
- (fs.writeFileSync(testFile, "Short: abc123"), (process.env.GH_AW_SECRET_NAMES = "SHORT_SECRET"), (process.env.SECRET_SHORT_SECRET = "abc"));
+ (fs.writeFileSync(testFile, "Short: 12345"), (process.env.GH_AW_SECRET_NAMES = "SHORT_SECRET"), (process.env.SECRET_SHORT_SECRET = "12345"));
 const modifiedScript = redactScript.replace('findFiles("/tmp/gh-aw", targetExtensions)', `findFiles("${tempDir.replace(/\\/g, "\\\\")}", targetExtensions)`);
- (await eval(`(async () => { ${modifiedScript}; await main(); })()`), expect(fs.readFileSync(testFile, "utf8")).toBe("Short: abc123"));
+ (await eval(`(async () => { ${modifiedScript}; await main(); })()`), expect(fs.readFileSync(testFile, "utf8")).toBe("Short: 12345"));
+ }),
+ it("should redact 6-character secrets", async () => {
+ const testFile = path.join(tempDir, "test.txt");
+ const secretValue = "abc123";
+ (fs.writeFileSync(testFile, `Secret: ${secretValue} test`), (process.env.GH_AW_SECRET_NAMES = "SIX_CHAR_SECRET"), (process.env.SECRET_SIX_CHAR_SECRET = secretValue));
+ const modifiedScript = redactScript.replace('findFiles("/tmp/gh-aw", targetExtensions)', `findFiles("${tempDir.replace(/\\/g, "\\\\")}", targetExtensions)`);
+ (await eval(`(async () => { ${modifiedScript}; await main(); })()`), expect(fs.readFileSync(testFile, "utf8")).toBe("Secret: abc*** test"));
 }),
 it("should handle multiple secrets in same file", async () => {
 const testFile = path.join(tempDir, "test.txt"),
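Review bot: The new expectation `toBe("Secret: abc*** test")` pins a mask that leaves the first three characters in the file, which for a six-character secret is half the value, and the number of stars gives away the length. The masking code is outside the visible hunks, so this is inferred from the assertion alone; if the prefix is a fixed three characters, values near the new minimum would be safer replaced by a fixed-width marker, with this assertion becoming `toBe("Secret: *** test")`. Both cases also assign `process.env.GH_AW_SECRET_NAMES` and a `SECRET_*` variable without restoring them in the lines shown, so unless a teardown outside the hunk clears them, `SECRET_SIX_CHAR_SECRET` carries into later cases. The `describe` block starts and ends outside the hunk.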