Based on the research, I can address both of your concerns: 1. GitHub Token Exposure: This is definitely NOT expected behavior. GitHub tokens should never be exposed in plain text in logs - this is a security concern that should be addressed. To properly handle this: - Use a GitHubCredentials block to securely store your GitHub token - The token should be stored as a secret and only referenced, never displayed in logs - Use minimal scope for the token (repo access for private repositories) 2. Git SHA Deployment Issue: Could you share the specific error you're seeing? While I understand it's trying to use the SHA as a branch name (which is incorrect behavior), seeing the exact error would help identify if this is a known issue or a new bug that needs to be reported. To properly deploy from a specific commit SHA in Prefect 3.x, you should use:

python
from prefect import flow
from prefect.deployments import Deployment

@flow
def my_flow():
    pass

deployment = flow.from_source(
    source="<https://github.com/your-org/your-repo>",
    entrypoint="path/to/file.py:my_flow",
    reference="your-commit-sha"  # Specify the exact commit SHA here
).deploy(
    name="my-deployment",
    work_pool_name="your-work-pool"
)

Could you: 1. Confirm if you're using this approach or a different one? 2. Share the specific error message you're seeing? 3. Let me know how you're currently handling the GitHub credentials? This will help me provide more targeted assistance and, if needed, help file a bug report for either the token exposure or the SHA handling issue. Also, as a security precaution, if you've noticed your GitHub token exposed in logs, I recommend: 1. Immediately revoke that token in GitHub 2. Generate a new token with minimal required permissions 3. Update your Prefect configuration to use the new token via a proper GitHubCredentials block