Add option to disable hiding of secrets (#460)

cmd/input.go

@@ -20,6 +20,7 @@ type Input struct {
 	noOutput        bool
 	envfile         string
 	secretfile      string
+	insecureSecrets bool
 	defaultBranch   string
 	privileged      bool
 }

cmd/root.go

@@ -51,6 +51,7 @@ func Execute(ctx context.Context, version string) {
 	rootCmd.PersistentFlags().BoolVarP(&input.noOutput, "quiet", "q", false, "disable logging of output from steps")
 	rootCmd.PersistentFlags().BoolVarP(&input.dryrun, "dryrun", "n", false, "dryrun mode")
 	rootCmd.PersistentFlags().StringVarP(&input.secretfile, "secret-file", "", "", "file with list of secrets to read from (e.g. --secret-file .secrets)")
+	rootCmd.PersistentFlags().BoolVarP(&input.insecureSecrets, "insecure-secrets", "", false, "NOT RECOMMENDED! Doesn't hide secrets while printing logs.")
 	rootCmd.PersistentFlags().StringVarP(&input.envfile, "env-file", "", ".env", "environment file to read and use as env in the containers")
 	rootCmd.SetArgs(args())
 
@@ -184,6 +185,7 @@ func newRunCommand(ctx context.Context, input *Input) func(*cobra.Command, []str
 			LogOutput:       !input.noOutput,
 			Env:             envs,
 			Secrets:         secrets,
+			InsecureSecrets: input.insecureSecrets,
 			Platforms:       input.newPlatforms(),
 			Privileged:      input.privileged,
 		}

pkg/runner/logger.go

@@ -38,12 +38,13 @@ func init() {
 }
 
 // WithJobLogger attaches a new logger to context that is aware of steps
-func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string) context.Context {
+func WithJobLogger(ctx context.Context, jobName string, secrets map[string]string, insecureSecrets bool) context.Context {
 	mux.Lock()
 	defer mux.Unlock()
 	formatter := new(stepLogFormatter)
 	formatter.color = colors[nextColor%len(colors)]
 	formatter.secrets = secrets
+	formatter.insecureSecrets = insecureSecrets
 	nextColor++
 
 	logger := logrus.New()
@@ -56,16 +57,19 @@ func WithJobLogger(ctx context.Context, jobName string, secrets map[string]strin
 }
 
 type stepLogFormatter struct {
-	color   int
+	color           int
-	secrets map[string]string
+	secrets         map[string]string
+	insecureSecrets bool
 }
 
 func (f *stepLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
 	b := &bytes.Buffer{}
 
-	// Replace any secrets in the entry
+	// Replace any secrets in the entry if insecure-secrets flag is not used
-	for _, v := range f.secrets {
+	if !f.insecureSecrets {
-		entry.Message = strings.ReplaceAll(entry.Message, v, "***")
+		for _, v := range f.secrets {
+			entry.Message = strings.ReplaceAll(entry.Message, v, "***")
+		}
 	}
 
 	if f.isColored(entry) {

pkg/runner/runner.go

@@ -28,6 +28,7 @@ type Config struct {
 	LogOutput       bool              // log the output from docker run
 	Env             map[string]string // env for containers
 	Secrets         map[string]string // list of secrets
+	InsecureSecrets bool              // switch hiding output when printing to terminal
 	Platforms       map[string]string // list of platforms
 	Privileged      bool              // use privileged mode
 }
@@ -75,7 +76,7 @@ func (runner *runnerImpl) NewPlanExecutor(plan *model.Plan) common.Executor {
 				}
 				stageExecutor = append(stageExecutor, func(ctx context.Context) error {
 					jobName := fmt.Sprintf("%-*s", maxJobNameLen, rc.String())
-					return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets))
+					return rc.Executor()(WithJobLogger(ctx, jobName, rc.Config.Secrets, rc.Config.InsecureSecrets))
 				})
 			}
 		}