GitLab Runner authentication token exposed in the runner log file

Summary

In the "Runner is not healthy" messages in the GitLab Runner logs, the full Runner token is logged next to the coordinator URL.

Steps to reproduce

Register a Runner, force it to be unhealthy somehow, and then see the logged token.

Actual behavior

Full Runner token is logged

Expected behavior

Runner token is never logged

Relevant logs and/or screenshots

runner log
Dec 05 04:35:03 runner-hostname gitlab-runner[1240]: WARNING: Runner "https://gitlab.example.comFULL-RUNNER-TOKEN-HERE" is not healthy, but check for a new job will be forced!  unhealthy_interval=1h0m0s unhealthy_requests=3 unhealthy_requests_limit=3

Possible fixes

Edited by Cody West
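
An added example, not part of the original issue or of GitLab Runner's code: a Go scan of a runner log for the warning quoted above, which reports lines where extra characters follow a known coordinator URL and masks them, so the affected runner tokens can be rotated. The names `ScanLog`, `Finding` and `knownURLs` and the `[REDACTED]` marker are assumptions, and the sample log is constructed from the line in the issue.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// Constructed sample: line 1 is the warning quoted in the issue, line 2 is made up.
const sampleLog = `Dec 05 04:35:03 runner-hostname gitlab-runner[1240]: WARNING: Runner "https://gitlab.example.comFULL-RUNNER-TOKEN-HERE" is not healthy, but check for a new job will be forced!  unhealthy_interval=1h0m0s unhealthy_requests=3 unhealthy_requests_limit=3
Dec 05 04:35:04 runner-hostname gitlab-runner[1240]: WARNING: Runner "https://gitlab.example.com" is not healthy (constructed, nothing after the URL)`

// unhealthyRe captures the quoted runner identifier from the warning.
var unhealthyRe = regexp.MustCompile(`Runner "([^"]+)" is not healthy`)

type Finding struct {
	Line                 int    // 1-based line number in the scanned log
	URL, Token, Redacted string // coordinator URL, exposed value, masked line
}

// ScanLog flags warnings whose identifier is a known coordinator URL plus extra
// characters. knownURLs is an assumption: the operator supplies their own URLs.
func ScanLog(log string, knownURLs []string) []Finding {
	var out []Finding
	for i, line := range strings.Split(log, "\n") {
		m := unhealthyRe.FindStringSubmatch(line)
		if m == nil {
			continue
		}
		best := "" // longest matching URL, so a URL that prefixes another is handled
		for _, u := range knownURLs {
			if strings.HasPrefix(m[1], u) && len(u) > len(best) {
				best = u
			}
		}
		tok := strings.TrimPrefix(m[1], best)
		if best == "" || tok == "" {
			continue // unknown coordinator, or nothing after the URL
		}
		out = append(out, Finding{i + 1, best, tok, strings.Replace(line, best+tok, best+"[REDACTED]", 1)})
	}
	return out
}

func main() {
	for _, f := range ScanLog(sampleLog, []string{"https://gitlab.example.com"}) {
		fmt.Printf("line %d exposes a token for %s\n%s\n", f.Line, f.URL, f.Redacted)
	}
}
```
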