In some cases environment variables are useful to print out, it would be helpful to be able to whitelist the ones we'd like to show.
Yeah, in some cases the masking has been confusing for our developers. In particular, having an `ENVIRONMENT=test` variable I think is quite common. But every instance of the word "test" is blotted out in our logs, e.g.:
PASS api/__****s__/raters/westchester/serial/mpl/requestQuoteUtils.****.ts (13.295s, 198 MB heap size)
PASS api/__testss__/raters/westchester/serial/mpl/requestQuoteUtils.test.ts (13.295s, 198 MB heap size)
Yeah this is pretty broken. Our company name is masked because it’s also our SENTRY_ORG for some projects.
This problem is exacerbated by the fact that developers do not control the use of environment variables for Orbs, some of which use them for config instead of secrets.
We print out URLs in our logs to heavier deeper logs, such as:
The command failed. For more information, check the Cloudwatch logs:
But none of those URLs work anymore because we made our region an Environment variable. There are others that print out the ARN of a resource that fails. They're broken because our AWS account number (which is not really a secret) is a variable too, in case we need to break up products to different accounts.
Are only environment variables masked, or does CircleCI have any additional pattern-based masking? If so I'd like a way to surround output I don't want to be masked with some kind of escape sequence.
You won't be notified about changes to this idea.