corda / corda-gradle-plugins

Gradle plugins used by Corda and Cordapps

Option to turn off plain text passwords in stdout during signing #303

Closed dazraf closed 3 years ago

dazraf commented 4 years ago

It appears that the current release outputs the signing storepass and keypass passwords as plain text to files. This is a problem for open source cordapps that expose the build output to contributors. Can we please have an option to not print out passwords? Ideally this should be environment driven so that it cannot be turned off by contributors.

Thanks.

mnesbit commented 4 years ago

Can you attach a log, please?

dazraf commented 4 years ago

Thanks @mnesbit. Here's the log output, passwords manually masked by us:

```
Task ':cordite-cordapp:jar' is not up-to-date because:
   No history is available.
 Jar signing with following options: {alias=cordite, storepass=****, keystore=/tmp/keystore.jks, storetype=JKS, keypass=****, jar=/builds/cordite/cordite/cordapps/cordite-cordapp/build/libs/cordite-cordapp-0.4.9-SNAPSHOT.jar}
```
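As an added example (not part of the thread and not the plugin's own code), a build-log filter can mask `storepass` and `keypass` in the "Jar signing with following options" line before the log is published, and flag any log where they appeared unmasked. It assumes the map-style line format shown in the log above; the function names and the sample log lines are constructed for illustration.

```python
import re
import sys

# Option names seen in the log line in this thread. A secret's value is taken
# to run until the next known option or the closing "}", so unknown text is over-masked.
KNOWN_KEYS = ("alias", "storepass", "keystore", "storetype", "keypass", "jar")
SECRET_KEYS = ("storepass", "keypass")
MARKER = "Jar signing with following options:"
MASK = "****"

# Lazy value match with a lookahead: a password containing ", " is still
# captured whole because only ", <known key>=" terminates it.
_SECRET = re.compile(
    r"\b(?P<key>%s)=(?P<value>.*?)(?=, (?:%s)=|\}\s*$)"
    % ("|".join(SECRET_KEYS), "|".join(KNOWN_KEYS))
)

# Constructed sample log (hypothetical project name and passwords).
SAMPLE_LOG = [
    "Task ':example-cordapp:jar' is not up-to-date because:",
    " Jar signing with following options: {alias=example, storepass=s3cret, pw, "
    "keystore=/tmp/keystore.jks, storetype=JKS, keypass=hunter2, jar=/builds/example.jar}",
]

def redact(line):
    """Mask storepass/keypass values on a signing-options line."""
    if MARKER not in line:
        return line  # other log lines pass through unchanged
    return _SECRET.sub(lambda m: f"{m.group('key')}={MASK}", line)

def find_leaks(lines):
    """Return (line_number, key) for each secret option printed unmasked."""
    leaks = []
    for number, line in enumerate(lines, start=1):
        if MARKER not in line:
            continue
        for m in _SECRET.finditer(line):
            value = m.group("value")
            if value and set(value) != {"*"}:  # all-asterisk values count as masked
                leaks.append((number, m.group("key")))
    return leaks

if __name__ == "__main__":
    lines = sys.stdin.readlines()
    sys.stdout.writelines(redact(l) for l in lines)
    sys.exit(1 if find_leaks(lines) else 0)  # non-zero exit flags an exposed password
```

Run as a filter, it reads the build log on stdin, writes the masked log to stdout, and exits non-zero when the input contained an unmasked password.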