我有一个基于 shell 的 concourse 任务,它在其中一个命令中使用半敏感凭据(测试服务器的密钥)。我想避免将其记录在任务输出中。
管道的要点是:
jobs:
- name: foobar
plan:
<...>
- task: build
config:
platform: linux
image_resource:
type: docker-image
source:
repository: ubuntu
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
foobar {{my-secret-data}} # <-- hide this one!
another-command-which-is-ok-to-print
目前输出显示为:
+ command-which-is-ok-to-print
results of first command which are OK to print
+ foobar "oh-no-secret-data-here!" <-- hide this one!
more results which are OK to print
+ another-command-which-is-ok-to-print
even more results which are OK to print
有没有办法抑制打印此特定行?
我认为这-exc实际上是在设置标志e并且x(我认为它是execute!
这-x就是导致命令被回显的原因(通过 bash 本身而不是 concourse),因此这成功地阻止了单个命令的执行:
<...>
run:
path: bash
args:
- -exc
- |
command-which-is-ok-to-print
set +x
foobar {{my-secret-data}}
set -x
another-command-which-is-ok-to-print