Ability for gradle to mask passwords when info-level debugging is enabled


(Peter Kester) #1

Hi,

Is there an option for gradle to mask passwords or other properties when info-level debugging is enabled?
When we run a gradle deployment for our specific environment we see unmasked passwords when info-level debugging is enabled.
Can we suppress that and if so, how is that done?

Thanks,

Peter


(James Justinic) #2

Not specifically, as there shouldn’t be a case where Gradle core logs a password at any level when using the built-in DSL for the features that accept credentials.

What do you mean by deployment? Traditional “deployment” would most likely be handled by a third-party plugin or possibly custom code in the build.

Depending on the source, your option is find a different plugin that treats credentials better, or fix the code. You’ll need to figure out what is logging it currently.

In any case, if you need to access credentials, it is probably best to use something (like https://plugins.gradle.org/plugin/nu.studer.credentials) that can encrypt the values so that you don’t store them anywhere as plain text. Of course, this won’t help if you decrypt them and hand them off to something that logs them, but it can separate them from non-sensitive properties.