Menu
I have a shell-based concourse task which uses semi-sensitive credentials (a key to a test server) in one of its commands. I'd like to avoid this being logged in the task output.
The gist of the pipeline is:
jobs:
- name: foobar
plan:
<...>
- task: build
config:
platform: linux
image_resource:
type: docker-image
source:
repository: ubuntu
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
foobar {{my-secret-data}} # <-- hide this one!
another-command-which-is-ok-to-print
Currently the output appears as:
+ command-which-is-ok-to-print
results of first command which are OK to print
+ foobar "oh-no-secret-data-here!" <-- hide this one!
more results which are OK to print
+ another-command-which-is-ok-to-print
even more results which are OK to print
Is there a way to suppress printing this specific line?
345
I twigged that -exc was actually setting the flags e and x (I'd assumed it was short-hand for execute!
The -x is what causes the commands to be echoed (by bash itself rather than concourse), so this successfully prevented a single command being executed:
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
set +x
foobar {{my-secret-data}}
set -x
another-command-which-is-ok-to-print
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With