github.com/upcmd/up@v0.8.1-0.20230108151705-ad8b797bf04f/tests/functests/p0210.yml (about) 1 doc_meta: | 2 folder: security 3 title: mask senstive input 4 head: | 5 When you use prompt to accept user input, the terminal will log the senstive information, such as password. There is chance this will go to the logs and be exposed to cause security issue. 6 7 Requirement from issue: https://github.com/upcmd/up/issues/20 8 9 sections: 10 - title: Demo 11 log: yes 12 13 tasks: 14 - 15 name: task 16 task: 17 - func: shell 18 desc: input raw value 19 dvars: 20 - name: username 21 flags: [prompt,] 22 do: 23 - echo "hello {{.username}}" 24 25 - func: shell 26 desc: | 27 input secret, eg a password 28 this will be masked 29 however password is still leaked during the debugging or in higher verbose level 30 dvars: 31 - name: password 32 flags: [prompt, masked] 33 do: 34 - echo "password is - {{.password}}" 35 36 - func: shell 37 desc: | 38 password will be saved and kept into vault intead 39 dvars: 40 - name: protectedPassword 41 flags: 42 - prompt 43 - masked 44 - secret 45 do: 46 - echo "this print out nothing as protectedPassword is stored in the vault as secret" 47 - echo "protectedPassword is - {{.protectedPassword}}" 48 - echo "this print out the retrieved secret from vault" 49 - echo "protectedPassword is - {{ "protectedPassword" | fromVault}}"