In Gradle releases below 6.7, Gradle appears to be printing environment keys and values (Do not print environment variable values to debug log · gradle/gradle@394bf3b · GitHub), which was subsequently fixed.
We had a customer turn on DEVELOCITY_INJECTION_DEBUG=true, which propagates to Gradle, and Gradle ends up printing the environment keys and values, which contain secrets (e.g. CI secrets).
Now this appears to be because a Gradle daemon blew up due to OOM, and our investigation logs show up as [DEBUG] [org.gradle.launcher.daemon.server.exec.EstablishBuildEnvironment] Configuring env variables:
My question is: sadly, we can't upgrade Gradle versions yet.
- Is there a way I can send a CLI argument to our gradlew commands that ignores the Gradle debug level even if DEVELOCITY_INJECTION_DEBUG is turned on, or even org.gradle.logging.level=DEBUG in gradle.properties for that matter?
- Are there any other places I need to be worried about, as in Gradle printing the env map even in info mode?
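
An added example, not part of the original post and not Gradle's or Develocity's own code: a log filter that redacts the payload of the `EstablishBuildEnvironment` line quoted above before a build log is stored or shared. It assumes every new log record carries a `[LEVEL] [category]` pair, as the quoted line does, so lines without one that follow a leak are dropped as continuations of a multi-line value; the sample log is constructed.

```python
import re
import sys

# Marker copied from the log line quoted in the post.
LEAK = re.compile(
    r"(\[org\.gradle\.launcher\.daemon\.server\.exec\.EstablishBuildEnvironment\]"
    r"\s+Configuring env variables:).*"
)
# Assumption: each new log record contains a "[LEVEL] [category]" pair.
RECORD = re.compile(r"\[(?:DEBUG|INFO|LIFECYCLE|WARN|QUIET|ERROR)\]\s+\[")

# Constructed sample: one leaking record whose value spans two lines,
# followed by an unrelated record with a made-up category.
SAMPLE = [
    "12:00:01.100 [DEBUG] [org.gradle.launcher.daemon.server.exec."
    "EstablishBuildEnvironment] Configuring env variables: "
    "{CI_TOKEN=constructed-secret, KEY=-----BEGIN",
    "constructed-multiline-value-----, HOME=/home/ci}",
    "12:00:01.200 [INFO] [org.example.Constructed] next record",
]


def scrub(lines):
    """Return (clean_lines, number_of_redacted_records)."""
    out, hits, in_leak = [], 0, False
    for line in lines:
        m = LEAK.search(line)
        if m:
            # Keep timestamp, level and category; drop the env payload.
            out.append(line[:m.end(1)] + " [REDACTED]")
            hits += 1
            in_leak = True
        elif in_leak and not RECORD.search(line):
            continue  # continuation of a multi-line env value
        else:
            in_leak = False
            out.append(line)
    return out, hits


if __name__ == "__main__":
    # Usage: ./gradlew build 2>&1 | python scrub_env.py > build.log
    clean, count = scrub(sys.stdin.read().splitlines())
    print("\n".join(clean))
    print(f"redacted {count} env dump(s)", file=sys.stderr)
```

A non-zero count on stderr is also a signal that the secrets visible to that build were written to a debug log somewhere upstream of the filter.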