bamlab/fastlane-plugin-cordova

Hide password in console logs

azachar opened this issue · 6 comments

azachar commented

Hello,
currently, this plugin display passwords while running cordova tasks. Is it possible to strip it out?

Thank you!

Best regards,
Andrej

janpio commented

Can you show an example (with the password replaced of course)?

azachar commented

[15:53:27]: $ cordova prepare android --release --device -- --keystore=XXXXX.keystore --storePassword=XXXXXX --password=XXXX --alias=XXXXX --versionCode=52888606 --cordovaNoFetch=false

  • 👍1
janpio commented

Hm, problem is this is triggered by using the sh action:

fastlane-plugin-cordova/lib/fastlane/plugin/cordova/actions/cordova_action.rb

Line 86 in 35ab44c

sh "cordova prepare #{params[:platform]} #{args.join(' ')} #{ios_args} -- #{android_args}"

One can disable its output completely (see https://docs.fastlane.tools/actions/sh/), but as far as I know its not possible to filter it.

(To make sure: Can you show more context - a few lines before and after that command?)

azachar commented

NFO [2018-02-17 01:00:53.24]: ---------------------
INFO [2018-02-17 01:00:53.24]: --- Step: cordova ---
INFO [2018-02-17 01:00:53.24]: ---------------------
INFO [2018-02-17 01:00:53.25]: $ cordova prepare android --release --device -- --keystore=XXX.keystore --versionCode=52888624 --cordovaNoFetch=false .......

Is there any other way how to pass alias and password so it can be read from a variable directly. This leads to showing sh command even if there is a problem. So running this tool on CI, doesn't make so much sense then if every developer see all passwords for deployment...

  • 👍1
azachar commented

Here is a sample of error:

INFO [2018-02-17 01:00:54.31]: ▸ Error: Current working directory is not a Cordova-based project.
WARN [2018-02-17 01:00:55.23]: Lane Context:
INFO [2018-02-17 01:00:55.23]: {:PLATFORM_NAME=>:android, :LANE_NAME=>"android build"}
ERROR [2018-02-17 01:00:55.23]: Exit status of command 'cordova prepare android --release --device
-- --keystore=xxxx.keystore --versionCode=52888624 --cordovaNoFetch=false' was 1 in
stead of 0.
Error: Current working directory is not a Cordova-based project.

  • 👍1
janpio commented

Problem is that it has to be supplied to the Cordova command somehow - and inside the plugin and sub actions used it then would be possible to be output again as log or error.

I think Cordova also accepts it via a build.json file - but you would have to either commit that to your repo then (where everyone can see it) or create the file via fastlane (where it probably could again leak out into the logs).

Maybe someone else has a better idea how to simply solve this.