The secrets are shown in plain text in Rules/Enforcements tab on WebUI #5809

@yypptest

SUMMARY

The action parameter with secret: true is shown in plain text in the Rules/Enforcements section of the WebUI.

STACKSTORM VERSION

st2 3.7.0, on Python 3.8.12

OS, environment, install method

RedHat 8.6

Steps to reproduce the problem

```yaml
---
name: full_backup
pack: mongodb
enabled: true
description: Performs a backup of MongoDB
runner_type: orquesta
entry_point: workflows/full_backup.yaml
parameters:
  mongodb_password:
    default: "{{ st2kv.system.mongodb_admin_password | decrypt_kv }}"
    type: string
    secret: true
---
name: mongodb_backup_cron
pack: backups
description: "Executes a mongodb backup on a cron schedule."
enabled: true

trigger:
  type: "core.st2.CronTimer"
  # http://apscheduler.readthedocs.io/en/3.0/modules/triggers/cron.html#api
  parameters:
      timezone: "UTC"
      day_of_week: "*"
      hour: 1
      minute: 0
      second: 0

action:
  ref: "backups.mongodb_backup"
```

Expected Results

The parameter mongodb_password should be masked in the Rules/Enforcements tab of the Web UI; no plain text should be displayed.

Actual Results

The parameter mongodb_password is shown in plain text in the Action input in the Rules/Enforcements tab of the Web UI.
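The expected behaviour above, written as an added example (not StackStorm's code and not part of the original report): a schema-driven mask applied to action input before it is returned for display, plus a check suitable for a regression test. The function names, the mask string, the `backup_dir` parameter and the sample values are assumptions constructed for illustration; the example also goes beyond the reported case by covering secrets nested in object and array parameters.

```python
MASK = "********"  # mask string chosen for this example

# Parameter schema from the action metadata in the report, plus one
# constructed non-secret parameter (backup_dir) for contrast.
ACTION_PARAMETERS = {
    "mongodb_password": {"type": "string", "secret": True},
    "backup_dir": {"type": "string"},
}

# Constructed action input, as a rule enforcement view might receive it.
SAMPLE_INPUT = {
    "mongodb_password": "constructed-example-value",
    "backup_dir": "/var/backups/mongodb",
}


def mask_value(spec, value):
    """Mask one value according to its parameter spec, recursing into containers."""
    if spec.get("secret"):
        return MASK
    if spec.get("type") == "object" and isinstance(value, dict):
        props = spec.get("properties") or {}
        return {k: mask_value(props.get(k, {}), v) for k, v in value.items()}
    items = spec.get("items")
    if spec.get("type") == "array" and isinstance(value, list) and isinstance(items, dict):
        return [mask_value(items, v) for v in value]
    return value


def mask_secret_params(schema, values):
    """Return a masked copy of values; the input dict is left unchanged."""
    return {name: mask_value(schema.get(name, {}), v) for name, v in values.items()}


def unmasked_secrets(schema, values):
    """Names of top-level parameters that still expose a schema-declared secret."""
    masked = mask_secret_params(schema, values)
    return sorted(name for name in values if masked[name] != values[name])


if __name__ == "__main__":
    print(mask_secret_params(ACTION_PARAMETERS, SAMPLE_INPUT))
    print(unmasked_secrets(ACTION_PARAMETERS, SAMPLE_INPUT))
```

Running `unmasked_secrets` over each API payload that carries action input (not only the execution view) is what would flag a view such as the one in this report.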
