In the provision script, salt-call runs with a log level of debug, which leads to it logging some sensitive credentials on standard output.
This makes it difficult to use provision on a CI system. Even while running manually, people often redirect a command's output to a log file (provision >> provisioning.log). That can also lead to credentials getting leaked inadvertently.
With this change, while executing normally, the provision script does not log any credentials. And whenever a detailed log is needed, it can be run with a debug flag (provision --debug).