Change default of masking secrets to false unless running on CI #79
Comments
sayedihashimi
added a commit
that referenced
this issue
Apr 2, 2016
Due to #78 and #79 it not a good idea to override the built in ps functions in the way that we are now. I've modified how secrets are masked. Currently secrets will always be masked. The implementation is not quite as safe as the previous because previoulsy psbuild was overriding commands like write-host, write-output, etc to mask secrets. That had issues where the prompt was getting modified. Instead of that I've updated calls that can cause output to call Get-FilteredString instead. Including masking any exception messages. I'm pretty confident that secrets are still being masked correctly including in log files.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Due to #78 we should not enable masking secrets all the time. It's most important for CI builds so it would be better to default this to false, but if running on CI then enable it by default. We can use an environment variable
$env:PSBuildMaskSecrets=$trueto enable this behavior.The text was updated successfully, but these errors were encountered: