If a secret in actions has a value similar to other secrets, subsequent secrets or variables will be overwritten. #34109

Open
@Updates-Unihoster

Description


If a secret in actions has a value similar to other secrets, subsequent secrets or variables will be overwritten.
How to reproduce:

  1. Create an empty repo and init it.
  2. Create a secret (the name does not matter, but in my case it is named "LOKI_USER") and set its value to, for example, "loki".
  3. Create another secret (the name does not matter, but in my case it is named "LOKI_PASSWORD") and set its value to something similar to, but not exactly like, the one in step 2. In my case it will be supersecretlokipassword (the word contains the "loki" string).
  4. Create a Gitea Actions CI/CD workflow. In order not to describe each step, I just provide a simple example in which the bug is reproduced:
```yaml
name: Prod CI/CD
on:
  push:
    branches:
      - 'master'

jobs:
  Prod-Build-Deploy:
    runs-on: ubuntu-latest
    steps:
      -
        name: Check out repository code
        uses: actions/checkout@v4
      -
        name: Print secret and var
        run: |
          echo "LOKI user var: ${{ vars.LOKI_USER }}"
          echo "LOKI user secret: ${{ secrets.LOKI_USER }}"
          echo "LOKI password var: ${{ vars.LOKI_PASSWORD }}"
          echo "LOKI password secret: ${{ secrets.LOKI_PASSWORD }}"
```
  5. Commit your CI/CD workflow and look at the output of the step named "Print secret and var". You will see something like this:

Image

  6. If you delete, for example, the variables and leave only the secrets, and change the value of the secret from "supersecretlokipassword" to, for example, the JSON format "supersecret.loki.password" (dots added), you will see that now not the entire line is replaced, but only part of it:

Image

It seems like a very hard-to-find bug. I literally spent days finding out what happens to my secrets and why they turn into "****". It only works with case-sensitive secrets, so if you try to set LOKI_USER to "LOKI" and do not change the password, leaving it as "supersecretlokipassword", nothing happens to it.

Version of Gitea that I am running (the bug also reproduces in older 1.23+ versions):
Latest ([1.23.6])

Gitea Version

1.23.6

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

2.43.0

Operating System

Ubuntu 24.04

How are you running Gitea?

Running as a systemd service, but I think it's a core Gitea bug, so you can reproduce this behavior no matter how you run Gitea.

Database

MySQL/MariaDB
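
An added example, not part of the original report and not Gitea's or act_runner's code: a model of substring-based log masking that reproduces the partial replacement described in the steps above, next to a longest-first variant and a check for secrets whose values contain one another. That the runner masks output this way is an assumption; the function names are hypothetical and the sample values are the ones from the reproduction steps.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// maskInOrder is an assumed model of log masking: each value becomes "***", in the order given.
func maskInOrder(line string, values []string) string {
	for _, v := range values {
		if v != "" {
			line = strings.ReplaceAll(line, v, "***")
		}
	}
	return line
}

// maskLongestFirst masks longer values first so a value containing a shorter secret is hidden whole.
func maskLongestFirst(line string, values []string) string {
	sorted := append([]string(nil), values...)
	sort.SliceStable(sorted, func(i, j int) bool { return len(sorted[i]) > len(sorted[j]) })
	return maskInOrder(line, sorted)
}

// overlaps lists pairs where one secret's value occurs (case-sensitively) inside another's.
func overlaps(secrets map[string]string) []string {
	var found []string
	for inner, iv := range secrets {
		for outer, ov := range secrets {
			if inner != outer && iv != "" && strings.Contains(ov, iv) {
				found = append(found, fmt.Sprintf("%s is contained in %s", inner, outer))
			}
		}
	}
	sort.Strings(found)
	return found
}

func main() {
	// Constructed sample: secret names and values from the reproduction steps.
	secrets := map[string]string{"LOKI_USER": "loki", "LOKI_PASSWORD": "supersecret.loki.password"}
	line := "LOKI password secret: " + secrets["LOKI_PASSWORD"]
	order := []string{secrets["LOKI_USER"], secrets["LOKI_PASSWORD"]}
	fmt.Println(maskInOrder(line, order))      // short value masked first: rest of the password stays visible
	fmt.Println(maskLongestFirst(line, order)) // whole password hidden
	fmt.Println(overlaps(secrets))
}
```

Running `overlaps` over a repository's secret values before committing a workflow flags the pairs that would produce partially masked log lines under this model.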


Labels: issue/needs-feedback, topic/gitea-actions, type/bug
