Code smell: CodeCovSettings missing [SecretValue] attribute on Token property

[thomhurst]

Description

CodeCovSettings has a Token property that stores an API token but is missing the [SecretValue] attribute that other similar settings classes use.

File Locations

Missing attribute:

src/ModularPipelines.Build/Settings/CodeCovSettings.cs

public class CodeCovSettings
{
    public string? Token { get; init; }  // <-- Missing [SecretValue]
}

Correct pattern used elsewhere:

src/ModularPipelines.Build/Settings/NuGetSettings.cs

public record NuGetSettings
{
    [SecretValue]
    public string? ApiKey { get; init; }
}

src/ModularPipelines.Build/Settings/CodacySettings.cs

public record CodacySettings
{
    [SecretValue]
    public string? ApiKey { get; set; }
}

Why This Is a Problem

• Inconsistency with other settings classes
• The Token property likely contains a secret that should be obfuscated in logs
• Security concern - tokens without [SecretValue] may be logged in plain text

Suggested Fix

Add the [SecretValue] attribute to the Token property:

public class CodeCovSettings
{
    [SecretValue]
    public string? Token { get; init; }
}

[thomhurst]

This issue has already been resolved. The [SecretValue] attribute was added to CodeCovSettings.Token in commit 22b9325 (refactor: Convert CodeCovSettings from class to record #1719). The current file already contains the correct pattern:

public record CodeCovSettings
{
    [SecretValue]
    public string? Token { get; init; }
}

Closing as already fixed.