diff --git a/.github/actions/mask_secrets/README.md b/.github/actions/mask_secrets/README.md
deleted file mode 100644
index 5637ba0b..00000000
--- a/.github/actions/mask_secrets/README.md
+++ /dev/null
@@ -1,45 +0,0 @@ -# Mask Secrets Github Action - -Iterate all GitHub secrets and replace occurrences treewide with -`***NAME_OF_SECRET***`. - -This is intended for use before the `upload-artifact` action to mask -secrets found in log files as a result of the CI tests. This prevents -secrets from appearing in publicly-downloadable archives attached to -workflow runs. - -## Known Issues - -1. Replacements occur tree-wide. This should be used after the tests - have run to avoid corrupting tests. -2. The regex used for the replacement cannot be applied to secrets that - have linefeed characters in them. These secrets will be skipped - without notice. - -## Usage - -``` - - name: Mask secrets in logs - id: mask-logs - if: always() - uses: ./.github/actions/mask_secrets - with: - secrets-json: ${{ toJson(secrets) }} - - name: Upload artifacts - uses: actions/upload-artifact@v4 - if: always() && steps.mask-logs.outcome == 'success' - with: - name: name-for-the-uploaded-archive - path: | - path-to/file-to-archive.log -``` - -- The `uses` path may change based on how your workflow checks out the - repository. (eg: `uses: - ./modules/lib/golioth-firmware-sdk/.github/actions/mask_secrets`). -- Secrets must be passed as serialized JSON as in the example above. - This is because actions cannot inherit secrets. Reusable workflows can - inherit secrets but they cannot be run as steps (only as jobs). -- Use the `if` step cited above to ensure that if the mask secrets step - fails, no artifacts are uploaded.
diff --git a/.github/actions/mask_secrets/action.yml b/.github/actions/mask_secrets/action.yml
deleted file mode 100644
index 38c66134..00000000
--- a/.github/actions/mask_secrets/action.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-name: Mask secrets in files
-
-description: |
- Crawl the current tree, finding any GitHub secret and replacing it with
- ***NAME_OF_SECRET***
-
-inputs:
- secrets-json:
- description: 'Secrets context to be masked, in JSON format'
- required: true
-
-runs:
- using: composite
- steps:
- - name: Find and mask
- shell: bash
- env:
- SECRETS_CONTEXT: '${{ inputs.secrets-json }}'
- run: |
- if ! command -v jq; then
- apt update && apt install -y jq
- fi
-
- for key in $(jq -r "keys[]" <<< "$SECRETS_CONTEXT");
- do
- secret_val=$(jq -r ".$key" <<< "$SECRETS_CONTEXT")
-
- if [[ ! $secret_val =~ "\n" ]]; then
- # This approach to escaping the regex found: https://stackoverflow.com/a/29613573/922013
- ESCAPED_SECRET=$(sed 's/[^^]/[&]/g; s/\^/\\^/g' <<< "$secret_val")
-
- # Always return true, otherwise a grep that doesn't find files will cause step to fail
- [ $(grep -Rl $ESCAPED_SECRET | xargs -I{} sed -i "s/$ESCAPED_SECRET/***$key***/g" {}) >= 0 ]
- fi
- done