From 78c1989e1fd755d9b43632c5d6eb8cae52b9cdcd Mon Sep 17 00:00:00 2001
From: Floris van der Grinten <floris.vandergrinten@agilebits.com>
Date: Thu, 27 May 2021 19:01:56 +0200
Subject: [PATCH] Rephrase section about masking

---
 README.md | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/README.md b/README.md
index 1bd5fc4..c3f18a4 100644
--- a/README.md
+++ b/README.md
@@ -107,10 +107,11 @@ So for example, the reference URI `op://app-cicd/aws/secret-access-key` would be
 
 ## Masking
 
-Just like regular GitHub repository secrets, secrets loaded from 1Password will automatically be masked from the GitHub Actions logs too.
-If they accidentally get printed, they'll get replaced with `***`.
+Similar to regular GitHub repository secrets, secret fields from 1Password will automatically be masked from the GitHub Actions logs too.
+A 1Password field is considered 'secret' when it's marked as concealed (which shows as `•••••••` in the 1Password GUI) or when it's a secure note.
+So if one of these values accidentally gets printed, it'll get replaced with `***`.
 
-To avoid unnecessary masks (like a username field), masks are only applied on fields marked as concealed (which show as `•••••` in the 1Password GUI) and on secure notes.
+This means that a username or port field for example will not get masked.
 
 ## 1Password Connect Configuration