search

jonas-haeusler / jasypt-maven-plugin

Properties Maven Plugin with Jasypt support
Apache License 2.0
3 stars 1 forks source link

Please add option to suppress log messages showing decrypted values #88

Closed errodrigues closed 8 months ago

errodrigues commented 8 months ago

Hi,

1st of all, thanks for this plugin. It proved extremely useful recently in the project I'm working on. I do have 1 small ask/suggestion: please add an option to the plugin's configuration to disable the INFO level log messages showing the values of all decrypted properties when executing the read-project-properties goal.

Currently, afaik, this is not possible, and we see the following in Maven's console output:

[INFO] --- jasypt-maven-plugin:1.0:read-project-properties (read-ci-properties) @ my.module ---
[INFO] decrypted property ENC(XcRWCXSufxONGSciLeToFspTqDko6+EY0ui9Hzmj2BGF63yjt8f9yVN6V6w2qAkz) to value abc
[INFO] decrypted property ENC(6+arM5l1rwOe6AWuWzrMSr99rVVe0FxiGsrrsvMo8wNS2FMD8uSKNwyoX2nfN3/9) to value def
[INFO] decrypted property ENC(JBmYrIfBln5iH0Kr6JlnaaJD6Xf6HL1iJ8/0BToqIXKM3be/WGMuE8bPitcPdD/3) to value ghi

Would be nice to have an option to suppress the log messages above. For example:

<plugin>
    <groupId>dev.haeusler</groupId>
    <artifactId>jasypt-maven-plugin</artifactId>
    <goals><goal>read-project-properties</goal></goals>
    <configuration>
        <!-- could default to true -->
        <logDecryptedValues>false</logDecryptedValues> 
    </configuration>
</plugin>

This would be especially useful in CICD pipelines where showing passwords and/or other secrets so prominently in console output, even if test-specific, might not be desired.

Thanks in advance for the consideration, Eduardo.

errodrigues commented 8 months ago

I created PR #89 to help.

errodrigues commented 8 months ago

@jonas-haeusler , any thoughts?

jonas-haeusler commented 8 months ago

hi @errodrigues, thanks for the PR! i think disabling the logging by default is the right way to go. i modified your PR accordingly and merged it.

if you have the time, please check out if everything is working for you as expected. version 1.2, with your changes included, is now available: https://s01.oss.sonatype.org/content/repositories/releases/dev/haeusler/jasypt-maven-plugin/1.2/

errodrigues commented 8 months ago

Thanks @jonas-haeusler ! I will sure try it out as soon as possible and report back here.