diff --git a/cmd/input.go b/cmd/input.go
index 8f817f3..6ca40e9 100644
--- a/cmd/input.go
+++ b/cmd/input.go
@@ -20,6 +20,7 @@ type Input struct {
 noOutput bool
 envfile string
 secretfile string
+ insecureSecrets bool
 defaultBranch string
 privileged bool
 }
diff --git a/cmd/root.go b/cmd/root.go
index e9e2885..c823f3c 100644
--- a/cmd/root.go
+++ b/cmd/root.go
@@ -51,6 +51,7 @@ func Execute(ctx context.Context, version string) {
 rootCmd.PersistentFlags().BoolVarP(&input.noOutput, "quiet", "q", false, "disable logging of output from steps")
 rootCmd.PersistentFlags().BoolVarP(&input.dryrun, "dryrun", "n", false, "dryrun mode")
 rootCmd.PersistentFlags().StringVarP(&input.secretfile, "secret-file", "", "", "file with list of secrets to read from (e.g. --secret-file .secrets)")
+ rootCmd.PersistentFlags().BoolVarP(&input.insecureSecrets, "insecure-secrets", "", false, "NOT RECOMMENDED! Doesn't hide secrets while printing logs.")
 rootCmd.PersistentFlags().StringVarP(&input.envfile, "env-file", "", ".env", "environment file to read and use as env in the containers")
 rootCmd.SetArgs(args())
@@ -184,6 +185,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
 LogOutput: !input.noOutput,
 Env: envs,
 Secrets: secrets,
+ InsecureSecrets: input.insecureSecrets,
 Platforms: input.newPlatforms(),
 Privileged: input.privileged,
 }
diff --git a/pkg/runner/logger.go b/pkg/runner/logger.go
index 89d85f4..8c3bb37 100644
--- a/pkg/runner/logger.go
+++ b/pkg/runner/logger.go
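Review bot: A run started with `--insecure-secrets` leaves no trace that masking was off: in the `cmd/root.go` hunk at -184 the `Config` literal only copies `input.insecureSecrets` through, so a captured log looks ordinary while holding secret values in clear. A one-time warning before the config is built would make such logs identifiable, for example `if input.insecureSecrets { logrus.Warn("secret masking disabled by --insecure-secrets; logs may contain secret values") }`, written with whatever name this file imports its logger under (the imports are outside the hunk). The flag is also registered through `PersistentFlags()` in the hunk at -51, so every subcommand accepts it, not only the run path. `newRunCommand` starts and ends outside the hunk.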
@@ -38,12 +38,13 @@ func init() {
 }
 // WithJobLogger attaches a new logger to context that is aware of steps
-func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string) context.Context {
+func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string, insecureSecrets bool) context.Context {
 mux.Lock()
 defer mux.Unlock()
 formatter := new(stepLogFormatter)
 formatter.color = colors[nextColor%len(colors)]
 formatter.secrets = secrets
+ formatter.insecureSecrets = insecureSecrets
 nextColor++
 logger := logrus.New()
@@ -56,16 +57,19 @@ func WithJobLogger(ctx context.Context, jobName string, secrets map[string]strin
 }
 type stepLogFormatter struct {
- color int
- secrets map[string]string
+ color int
+ secrets map[string]string
+ insecureSecrets bool
 }
 func (f *stepLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
 b := &bytes.Buffer{}
- // Replace any secrets in the entry
- for _, v := range f.secrets {
- entry.Message = strings.ReplaceAll(entry.Message, v, "***")
+ // Replace any secrets in the entry if insecure-secrets flag is not used
+ if !f.insecureSecrets {
+ for _, v := range f.secrets {
+ entry.Message = strings.ReplaceAll(entry.Message, v, "***")
+ }
 }
 if f.isColored(entry) {
diff --git a/pkg/runner/runner.go b/pkg/runner/runner.go
index 8d8592f..a382e1f 100644
--- a/pkg/runner/runner.go
+++ b/pkg/runner/runner.go
@@ -28,6 +28,7 @@ type Config struct {
 LogOutput bool // log the output from docker run
 Env map[string]string // env for containers
 Secrets map[string]string // list of secrets
+ InsecureSecrets bool // switch hiding output when printing to terminal
 Platforms map[string]string // list of platforms
 Privileged bool // use privileged mode
 }
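Review bot: The doc comment above `WithJobLogger` (logger.go hunk at -38) was not updated for the new parameter, and the exported signature now ends in a bare positional bool, so a call reads `WithJobLogger(ctx, name, secrets, true)` with nothing saying that `true` exposes secrets. Extend the comment, e.g. `// WithJobLogger attaches a new logger to context that is aware of steps. If insecureSecrets is true, secret values are logged unmasked.` Any caller outside this repository stops compiling with the added parameter; the only call site updated on this page is the one in `pkg/runner/runner.go`. The function body continues past the end of the hunk.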
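Review bot: The masking loop re-added under `if !f.insecureSecrets` in `Format` (logger.go hunk at -56) still hands every value of `f.secrets` to `strings.ReplaceAll`, and an empty value makes it insert `***` at every character boundary of `entry.Message`. If a secret can be defined with no value, every log line is garbled and the real masking becomes unreadable; skip such entries with `if v == "" { continue }` as the first statement of the loop. Only `entry.Message` is rewritten here; whether other entry fields are written out is decided in the part of `Format` below the hunk, so that path is worth checking as well.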
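Review bot: The field comment on `InsecureSecrets` in `Config` (runner.go hunk at -28) does not say which value is the unsafe one: "switch hiding output when printing to terminal" reads as if `true` hides output, while `Format` in `pkg/runner/logger.go` skips masking when it is `true`. Suggest `InsecureSecrets bool // if true, secret values are NOT masked in log output`. The zero value keeps masking on, which is worth stating since `Config` can be built by code that never sets the field.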
@@ -75,7 +76,7 @@ func (runner *runnerImpl) NewPlanExecutor(plan *model.Plan) common.Executor {
 }
 stageExecutor = append(stageExecutor, func(ctx context.Context) error {
 jobName := fmt.Sprintf("%-*s", maxJobNameLen, rc.String())
- return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets))
+ return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets, rc.Config.InsecureSecrets))
 })
 }
 }