search

Backendless / JS-Code-Runner

Backendless CodeRunner for Node.js
MIT License
7 stars 1 forks source link

Deploy stdout should have an option to hide sensitive information like API keys #55

Open aubreyyan opened 4 years ago

aubreyyan commented 4 years ago

Currently this is what happens on coderunner deploy

$ coderunner deploy --quiet
12:59:41.891 CodeRunner(tm) Backendless JavaScript CodeRunner v6.0.2
12:59:41.924 Copyright(C) 2020 Backendless Corp. All rights reserved.
12:59:41.980 Run Options is:  {
  "backendless": {
    "apiServer": "https://api.backendless.com",
    "msgBroker": {
      "host": "cl.backendless.com",
      "port": 6379
    },
    "public": {
      "fileDownloadUrl": "http://localhost:9000",
      "publicAPIUrl": "http://localhost:9000",
      "internalAPIUrl": "https://api.backendless.com"
    },
    "apiUrl": "https://api.backendless.com",
    "repoPath": "/var/lib/backendless/repo/"
  },
  "app": {
    "id": "62HIL0-UWL6N5M-WY6I1NL", <-- NOTE
    "apiKey": "CB1OL4-ZNL43I5BY8-ERZB", <-- NOTE
    "exclude": [
      "package.json",
      "coderunner.json",
      "README.md",
      "servercode.iml",
      "servercode.ipr",
      "servercode.iws"
    ],
    "model": "default"
  },
  "workers": {
    "cache": false,
    "concurrent": 4,
    "heartbeat": {
      "interval": 5,
      "timeout": 10
    }
  },
  "sandbox": false,
  "verbose": false,
  "compression": {
    "debug": false,
    "prod": false
  }
}
12:59:41.980 IMPORTANT!
The business logic code will be deployed to model "default".
Any business logic which is already deployed on the server in that model
will be removed and replaced with the code from your current project.
12:59:42.616 Building Model..
12:59:43.672 ServerCode Model built in 1056ms
12:59:43.672 Custom Types (1):
12:59:43.672   SampleModel (models/SampleModel.js)
12:59:43.672 Services (1):
12:59:43.673   SampleService (services/SampleService.js)
12:59:43.678 Preparing app zip file for deployment..
13:00:00.265 4 files added into deployment archive
13:00:00.276 Publishing Model to server
13:00:03.280 Successfully published

I replaced my actual app id and api keys with some random letters + numbers but obviously, if the app is going to be deployed through any kind of CI pipeline, it's not in anyone's best interests to expose those keys.

$ coderunner -h
Usage: coderunner [options] [command]

Options:
  -V, --version             output the version number
  -c, --config <path>       set config path. defaults to ./coderunner.json
  -a, --app-id <id>         Application Id
  -k, --app-key <key>       Application CodeRunner API Key
  -s, --api-server <url>    Backendless API Server URL
  -m, --model <model>       Business Logic model
  -q, --quiet               Don't show the confirmation dialog before deploy to Business Logic model
  --msg-broker-host <host>  Message Broker Host
  --msg-broker-port <port>  Message Broker Port
  --repo-path <path>        Backendless Repo Path
  --cache-limit <n>         Count for cached workers
  --keep-zip                Keep generated zip file after deploying
  --zip-size-confirmation   Confirm size of generated zip file before deploying
  --verbose                 Verbose mode. More information output.
  -h, --help                output usage information

Commands:
  debug                     debug business logic
  pro                       Pro CodeRunner
  deploy                    deploy business logic to production

As far as I'm aware, no option exists yet that would omit that info.

aubreyyan commented 4 years ago

The workaround I've found, which is not ideal, is coderunner deploy --quiet &> /dev/null