Welcome to the Inedo Forums! Check out the Forums Guide for help getting started.
If you are experiencing any issues with the forum software, please visit the Contact Form on our website and let us know!
Hide passwords in environment variables
-
We need to pass a password to a unix shell script when executing the "Execute Command" action but we do not want the password printed in the BuildMaster log file for security reasons.
How can we do this ?
-
This would involve creating a custom action that masks the password to the logger.
Alternatively, there is the Builds_ViewDebugLogs (ID=76) security task that could be denied, but this would block all debug logs in the scope. Usually, that's ok though.
-
Normally we need to see all the logging info for audit purposes, so disabling logging would not be acceptable for us.
How do we create a custom action ? I could not see an action called "Custom Action"
-
The logging isn't disabled; build execution log entries with a debug level are simply not displayed to users who don't have that privilege.
By default the "View Only" role does not include the ability to view execution log entries.
We have a few tutorials for making a custom action here: http://inedo.com/support/tutorials
Alternatively you could store the password on the machine as an environment variable, and have the shell script retrieve it that way.