How can Auth Tokens be used securly in core.http runner?


I want to make an API call by using an auth token which should not be passed as cleartext to the logs.
The API request is working if I pass the Token via header in the format below:


But if I do it like this, it’s value is cleartext leaked to the Stackstorm logs. I tried to use “auth” parameter which fails all the time even if you use the example ‘x-auth-token=XYZ’.

Always an error like this is received:

'str' object is not callable
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/st2actions/container/", line 128, in _do_run
    (status, result, context) =
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/http_runner/", line 113, in run
    result =
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/http_runner/", line 262, in run
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 61, in request
    return session.request(method=method, url=url, **kwargs)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 516, in request
    prep = self.prepare_request(req)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 459, in prepare_request
    hooks=merge_hooks(request.hooks, self.hooks),
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 318, in prepare
    self.prepare_auth(auth, url)
  File "/opt/stackstorm/st2/lib/python3.6/site-packages/requests/", line 549, in prepare_auth
    r = auth(self)

Is there any possibility to to use a token in a safe way? BasicAuth is not possible.