If xtrace is used the password is displayed in pod logs. To avoid this use the verbose instead. Using verbose the commands are displayed in logs as well, but env vars are not evaluated to their values so KUBE_PASSWORD is in logs, not the actual password.
Overview
If xtrace is used the password is displayed in pod logs. To avoid this use the verbose instead. Using verbose the commands are displayed in logs as well, but env vars are not evaluated to their values so KUBE_PASSWORD is in logs, not the actual password.
https://stackoverflow.com/questions/43387824/how-can-you-hide-env-variables-when-executing-a-bash-script-with-xe
Verification Steps
Eye review. You can reach out to me and I can show you the pod logs as a proof that this works as expected