-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change default of masking secrets to false unless running on CI #79
Comments
sayedihashimi
added a commit
that referenced
this issue
Apr 2, 2016
Due to #78 and #79 it not a good idea to override the built in ps functions in the way that we are now. I've modified how secrets are masked. Currently secrets will always be masked. The implementation is not quite as safe as the previous because previoulsy psbuild was overriding commands like write-host, write-output, etc to mask secrets. That had issues where the prompt was getting modified. Instead of that I've updated calls that can cause output to call Get-FilteredString instead. Including masking any exception messages. I'm pretty confident that secrets are still being masked correctly including in log files.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Due to #78 we should not enable masking secrets all the time. It's most important for CI builds so it would be better to default this to false, but if running on CI then enable it by default. We can use an environment variable
$env:PSBuildMaskSecrets=$true
to enable this behavior.The text was updated successfully, but these errors were encountered: