microsoft
diff --git a/‎Tasks/CargoAuthenticateV0/_buildConfigs/Node20/Tests/package-lock.json
+11-3 b/‎Tasks/CargoAuthenticateV0/_buildConfigs/Node20/Tests/package-lock.json
+11-3
diff --git a/‎Tasks/CargoAuthenticateV0/_buildConfigs/Node20/package-lock.json
+924-777 b/‎Tasks/CargoAuthenticateV0/_buildConfigs/Node20/package-lock.json
+924-777
diff --git a/‎Tasks/CargoAuthenticateV0/cargoauthenticatemain.ts
+12-3 b/‎Tasks/CargoAuthenticateV0/cargoauthenticatemain.ts
+12-3
diff --git a/‎Tasks/CargoAuthenticateV0/task.json
+1-1 b/‎Tasks/CargoAuthenticateV0/task.json
+1-1
diff --git a/‎Tasks/CargoAuthenticateV0/task.loc.json
+1-1 b/‎Tasks/CargoAuthenticateV0/task.loc.json
+1-1
diff --git a/‎_generated/CargoAuthenticateV0.versionmap.txt
+2-2 b/‎_generated/CargoAuthenticateV0.versionmap.txt
+2-2
diff --git a/‎_generated/CargoAuthenticateV0/cargoauthenticatemain.ts
+12-3 b/‎_generated/CargoAuthenticateV0/cargoauthenticatemain.ts
+12-3
diff --git a/‎_generated/CargoAuthenticateV0/task.json
+3-3 b/‎_generated/CargoAuthenticateV0/task.json
+3-3
diff --git a/‎_generated/CargoAuthenticateV0/task.loc.json
+3-3 b/‎_generated/CargoAuthenticateV0/task.loc.json
+3-3
diff --git a/‎_generated/CargoAuthenticateV0_Node20/Tests/package-lock.json
+11-3 b/‎_generated/CargoAuthenticateV0_Node20/Tests/package-lock.json
+11-3
diff --git a/‎_generated/CargoAuthenticateV0_Node20/cargoauthenticatemain.ts
+12-3 b/‎_generated/CargoAuthenticateV0_Node20/cargoauthenticatemain.ts
+12-3
@@ -66,7 +66,7 @@ async function main(): Promise<void> {
 
                     const tokenAuthInfo = serviceConnection as TokenServiceConnection;
                     tl.debug(`Detected token credentials for '${serviceConnection.packageSource.uri}'`);
-                    tl.setVariable("CARGO_REGISTRY_TOKEN", tokenAuthInfo.token);
+                    setSecretEnvVariable("CARGO_REGISTRY_TOKEN", tokenAuthInfo.token);
                     tl.setVariable("CARGO_REGISTRY_CREDENTIAL_PROVIDER", "cargo:token");
                     break;
                 default:
@@ -87,14 +87,14 @@ async function main(): Promise<void> {
                         currentRegistry = registry;
                         tl.debug(`Detected username/password or PAT credentials for '${serviceConnection.packageSource.uri}'`);
                         tl.debug(tl.loc('AddingAuthExternalRegistry', registry, tokenName));
-                        tl.setVariable(tokenName, `Basic ${base64.encode(utf8.encode(`${usernamePasswordAuthInfo.username}:${usernamePasswordAuthInfo.password}`))}`);
+                        setSecretEnvVariable(tokenName, `Basic ${base64.encode(utf8.encode(`${usernamePasswordAuthInfo.username}:${usernamePasswordAuthInfo.password}`))}`);
                         tl.setVariable(credProviderName, "cargo:token");
                     }      
                 }
                 // Default to internal registry if no token has been set yet
                 if (!currentRegistry) {
                     tl.debug(tl.loc('AddingAuthRegistry', registry, tokenName));
-                    tl.setVariable(tokenName, localAccesstoken);
+                    setSecretEnvVariable(tokenName, localAccesstoken);
                     tl.setVariable(credProviderName, "cargo:token");
                 }  
             }   
@@ -108,4 +108,13 @@ async function main(): Promise<void> {
     }
 }
 
+// Register the value as a secret to the logger before setting the value  in an enviornment variable.
+// Use when needed to set a specific enviornment variable whose value is a secret. We cannot use 
+// setVariable(_, , isSecret=true) because it adds SECRET_ as a prefix to the env variable.
+// TODO: Move to a common location
+function setSecretEnvVariable(variableName: string, value: string){
+    tl.setSecret(value);
+    tl.setVariable(variableName, value);
+}
+
 main();
@@ -9,7 +9,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 0,
-    "Minor": 238,
+    "Minor": 240,
     "Patch": 0
   },
   "runsOn": [
 
@@ -9,7 +9,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 0,
-    "Minor": 238,
+    "Minor": 240,
     "Patch": 0
   },
   "runsOn": [
 
@@ -1,2 +1,2 @@
-Default|0.238.0
-Node20_229_1|0.238.1
+Default|0.240.0
+Node20_229_1|0.240.1
@@ -66,7 +66,7 @@ async function main(): Promise<void> {
 
                     const tokenAuthInfo = serviceConnection as TokenServiceConnection;
                     tl.debug(`Detected token credentials for '${serviceConnection.packageSource.uri}'`);
-                    tl.setVariable("CARGO_REGISTRY_TOKEN", tokenAuthInfo.token);
+                    setSecretEnvVariable("CARGO_REGISTRY_TOKEN", tokenAuthInfo.token);
                     tl.setVariable("CARGO_REGISTRY_CREDENTIAL_PROVIDER", "cargo:token");
                     break;
                 default:
@@ -87,14 +87,14 @@ async function main(): Promise<void> {
                         currentRegistry = registry;
                         tl.debug(`Detected username/password or PAT credentials for '${serviceConnection.packageSource.uri}'`);
                         tl.debug(tl.loc('AddingAuthExternalRegistry', registry, tokenName));
-                        tl.setVariable(tokenName, `Basic ${base64.encode(utf8.encode(`${usernamePasswordAuthInfo.username}:${usernamePasswordAuthInfo.password}`))}`);
+                        setSecretEnvVariable(tokenName, `Basic ${base64.encode(utf8.encode(`${usernamePasswordAuthInfo.username}:${usernamePasswordAuthInfo.password}`))}`);
                         tl.setVariable(credProviderName, "cargo:token");
                     }      
                 }
                 // Default to internal registry if no token has been set yet
                 if (!currentRegistry) {
                     tl.debug(tl.loc('AddingAuthRegistry', registry, tokenName));
-                    tl.setVariable(tokenName, localAccesstoken);
+                    setSecretEnvVariable(tokenName, localAccesstoken);
                     tl.setVariable(credProviderName, "cargo:token");
                 }  
             }   
@@ -108,4 +108,13 @@ async function main(): Promise<void> {
     }
 }
 
+// Register the value as a secret to the logger before setting the value  in an enviornment variable.
+// Use when needed to set a specific enviornment variable whose value is a secret. We cannot use 
+// setVariable(_, , isSecret=true) because it adds SECRET_ as a prefix to the env variable.
+// TODO: Move to a common location
+function setSecretEnvVariable(variableName: string, value: string){
+    tl.setSecret(value);
+    tl.setVariable(variableName, value);
+}
+
 main();
@@ -9,7 +9,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 0,
-    "Minor": 238,
+    "Minor": 240,
     "Patch": 0
   },
   "runsOn": [
@@ -55,7 +55,7 @@
     "AddingAuthExternalRegistry": "Adding auth for external registry: %s with token name: %s"
   },
   "_buildConfigMapping": {
-    "Default": "0.238.0",
-    "Node20_229_1": "0.238.1"
+    "Default": "0.240.0",
+    "Node20_229_1": "0.240.1"
   }
 }
@@ -9,7 +9,7 @@
   "author": "Microsoft Corporation",
   "version": {
     "Major": 0,
-    "Minor": 238,
+    "Minor": 240,
     "Patch": 0
   },
   "runsOn": [
@@ -55,7 +55,7 @@
     "AddingAuthExternalRegistry": "ms-resource:loc.messages.AddingAuthExternalRegistry"
   },
   "_buildConfigMapping": {
-    "Default": "0.238.0",
-    "Node20_229_1": "0.238.1"
+    "Default": "0.240.0",
+    "Node20_229_1": "0.240.1"
   }
 }
@@ -66,7 +66,7 @@ async function main(): Promise<void> {
 
                     const tokenAuthInfo = serviceConnection as TokenServiceConnection;
                     tl.debug(`Detected token credentials for '${serviceConnection.packageSource.uri}'`);
-                    tl.setVariable("CARGO_REGISTRY_TOKEN", tokenAuthInfo.token);
+                    setSecretEnvVariable("CARGO_REGISTRY_TOKEN", tokenAuthInfo.token);
                     tl.setVariable("CARGO_REGISTRY_CREDENTIAL_PROVIDER", "cargo:token");
                     break;
                 default:
@@ -87,14 +87,14 @@ async function main(): Promise<void> {
                         currentRegistry = registry;
                         tl.debug(`Detected username/password or PAT credentials for '${serviceConnection.packageSource.uri}'`);
                         tl.debug(tl.loc('AddingAuthExternalRegistry', registry, tokenName));
-                        tl.setVariable(tokenName, `Basic ${base64.encode(utf8.encode(`${usernamePasswordAuthInfo.username}:${usernamePasswordAuthInfo.password}`))}`);
+                        setSecretEnvVariable(tokenName, `Basic ${base64.encode(utf8.encode(`${usernamePasswordAuthInfo.username}:${usernamePasswordAuthInfo.password}`))}`);
                         tl.setVariable(credProviderName, "cargo:token");
                     }      
                 }
                 // Default to internal registry if no token has been set yet
                 if (!currentRegistry) {
                     tl.debug(tl.loc('AddingAuthRegistry', registry, tokenName));
-                    tl.setVariable(tokenName, localAccesstoken);
+                    setSecretEnvVariable(tokenName, localAccesstoken);
                     tl.setVariable(credProviderName, "cargo:token");
                 }  
             }   
@@ -108,4 +108,13 @@ async function main(): Promise<void> {
     }
 }
 
+// Register the value as a secret to the logger before setting the value  in an enviornment variable.
+// Use when needed to set a specific enviornment variable whose value is a secret. We cannot use 
+// setVariable(_, , isSecret=true) because it adds SECRET_ as a prefix to the env variable.
+// TODO: Move to a common location
+function setSecretEnvVariable(variableName: string, value: string){
+    tl.setSecret(value);
+    tl.setVariable(variableName, value);
+}
+
 main();