A third-party security service got hacked, and then hackers used that to collect highly sensitive information from that service's user.

To fix this, let's add another third-party security service and give it all the sensitive information. I am sure it won't get hacked!

The Trivy malware bypassed log masking entirely by reading directly from runner process memory. Secrets managers did not help because the credentials had already been retrieved and placed in memory as plaintext strings. That is what got stolen.