diff --git a/lib/main.js b/lib/main.js
index a55d7dc..977fcf8 100644
--- a/lib/main.js
+++ b/lib/main.js
@@ -52,6 +52,9 @@ export async function main(
     repositoryNames: [repo],
   });
 
+  // Register the token with the runner as a secret to ensure it is masked in logs
+  core.setSecret(authentication.token);
+
   core.setOutput("token", authentication.token);
 
   // Make token accessible to post function (so we can invalidate it)