Shell executor on Windows Powershell spews setup commands and secrets in the log

I’ve set up a runner on a Windows 10 laptop at work, which I intend to run Android UI tests against physical hardware. In all steps of the job we can see under-the-hood gitlab commands being executed with local echo on the terminal. Included here are secrets such as “GITLAB_CI_RELEASE_SSH_KEY”. I don’t want this in my log. It totals to over 1000 lines.

Example output (highly truncated) from the step “Getting source from Git repository”:

PS C:\jobs> & {
>> $ErrorActionPreference = "Stop"

how can I suppress this?

My problem was that Gitlab was looking for pwsh. The correct solution was to change to the following line under the [[runners]] section of config.toml

shell = "powershell"

Instead I had done a fault workaround by providing pwsh.cmd that launched Powershell in an incorrect manner.

I will leave this answer here in case someone else does the same stupid mistake as me