[ https://issues.apache.org/jira/browse/CB-11528?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15417987#comment-15417987 ]
ASF subversion and git services commented on CB-11528: ------------------------------------------------------ Commit 172349d634a015b6aebb02ec5c17b53dcbf9eabf in cordova-ios's branch refs/heads/master from [~shazron] [ https://git-wip-us.apache.org/repos/asf?p=cordova-ios.git;h=172349d ] CB-11528 - Remove verbose mode from xcrun in build.js to prevent logging of environment variables. > Remove verbose mode from xcrun in build.js to prevent logging of environment > variables. > --------------------------------------------------------------------------------------- > > Key: CB-11528 > URL: https://issues.apache.org/jira/browse/CB-11528 > Project: Apache Cordova > Issue Type: Improvement > Components: iOS > Reporter: Meir Gottlieb > Assignee: Shazron Abdullah > > During the build process for IOS, xcrun is called with the "-v" option for > verbose output. As part of the output, xcrun prints out all the environment > variables. This can be a security issue on CI servers because CI servers > often provide a way to store encrypted secrets that are decrypted and put in > environment variables during the build. When xcrun prints out all the > environment variables, the output on the CI server is then logged containing > the unencrypted versions of the secrets. > Current the workaround is to use the --noSign option and then call xcrun > directly. However, it would be nice to remove the "-v" option when calling > "xcrun" in Cordova. -- This message was sent by Atlassian JIRA (v6.3.4#6332) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org