Update: Any text in the action output which matches sensitive or password variables available to the build is now masked when written to the build log. This can be switched off using the server property “Logging.MaskTextMatchingSecureVariableValues”
The SSH Script action handles command output differently from other actions which run a command process. The new action output masking is applied only to the output of an external processes run by Continua CI. We’ll update the action to ensure that its output is also processed.
Note also however that expressions in Text variables are expanded on build start. As they have already been expanded and the variable value replaced when the action is run, we no longer have details of any variables that they are made up of. Therefore, the normal log masking that happens with command lines written to the log directly by Continua will not happen for these variables. We recommend that you change it to an Expression variable that is expanded when used.
OK, made a small change and instead of expanding the sensitive variable inside a regular variable -
I am now expanding the sensitive variable directly in the action itself.
The thing is - the action is still the same SSH Script action
so for now the password is still showing in the log for the reason you have given.
We’ll wait for you to update the action to resolve this.
Thanks again!
