*Issue:* An audit revealed that deployment scripts occasionally log configuration file snippets to CI/CD job logs, creating a high risk of accidental secret exposure.
*Corrective Action:* Integrate a secret-scrubbing tool into the CI/CD runner environment. This tool will automatically scan all log outputs for patterns matching known secret formats and mask them before they are saved.
*Result:* This action will significantly lower the risk of sensitive credentials being exposed in build and deployment logs.