When running an advanced PowerShell deployment step it is possible to make use of additional arguments to the standard choco install/upgrade commands, for example, using package-parameters-sensitive. Within Chocolatey itself, when these arguments are detected, these arguments (in fact the entire command) is not added into the Chocolatey log file.
However, when this deployment step is executed via a CCM Deployment, and then via the Chocolatey Agent on the client machine, the entire command is written into the CCM Deployment log.
What is Expected?
The sensitive parameters should be obfuscated or not added in the log output within Chocolatey Central Management.
How Did You Get This To Happen? (Steps to Reproduce)
Run an upgrade command like the following for the chocolatey-agent package:
What You Are Seeing?
When running an advanced PowerShell deployment step it is possible to make use of additional arguments to the standard
choco install/upgrade
commands, for example, usingpackage-parameters-sensitive
. Within Chocolatey itself, when these arguments are detected, these arguments (in fact the entire command) is not added into the Chocolatey log file.However, when this deployment step is executed via a CCM Deployment, and then via the Chocolatey Agent on the client machine, the entire command is written into the CCM Deployment log.
What is Expected?
The sensitive parameters should be obfuscated or not added in the log output within Chocolatey Central Management.
How Did You Get This To Happen? (Steps to Reproduce)
Run an upgrade command like the following for the chocolatey-agent package:
References
┆Issue is synchronized with this Gitlab issue by Unito ┆Milestone: 0.12.1