We also need to sanitize the actual debug log messages (not just the first
one during bootstrap), because all agents end up reporting their passwords
via the API, as well as users, etc.
So it isn't *just* sanitizing this one message. Though I also agree that
I've definitely been aided by looking at
+1 on not killing the jenv logging - we just need to sanitise out the secrets.
On 29/05/14 11:18, Andrew Wilkins wrote:
> On Thu, May 29, 2014 at 4:25 AM, Nate Finch wrote:
>
>> Today I learned CI isn't running with --debug because they don't want to
>> expose sensitive data in their jenv... whic
On Thu, May 29, 2014 at 4:25 AM, Nate Finch wrote:
> Today I learned CI isn't running with --debug because they don't want to
> expose sensitive data in their jenv... which gets logged when you run with
> --debug. However, it also means that we don't get all our really useful
> debug log messages
Today I learned CI isn't running with --debug because they don't want to
expose sensitive data in their jenv... which gets logged when you run with
--debug. However, it also means that we don't get all our really useful
debug log messages when something breaks in CI.
I made a fix for this (deleti