Mask password in "Added MAVEN property..." info messages / allow suppress the messages

Question

vlsi opened this issue 9 years ago · 5 comments

The list of valid variables is very helpful for initial usage of JCP, so it is good it is enabled by default.

However:

It is not that safe to print all the properties (e.g. mvn.project.property.password, mvn.project.property.gpg.passphrase, etc). maven logs can be copy&pasted and it might lead to unexpected sharing of the passwords.
It would be nice to have a configuration property to suppress that output (as it would no longer be required after JCP comments are in place)

Answer 1 · 2015-11-29T12:42:39.000Z

good point

Answer 2 · 2015-11-29T12:43:50.000Z

Re 1, varName.toLower().contains("pass") || varName.toLower().contains("key") might be a good start.

Answer 3 · 2015-11-29T13:12:25.000Z

may be print them only in verbose mode?

Answer 4 · 2015-11-29T13:19:31.000Z

may be print them only in verbose mode?

That will work provided it is documented in "quick start" section

Answer 5 · 2015-11-29T13:53:21.000Z

I made some changes to hide potentially private properties content in maven log, 7b6fc2d